MITRE’s Industry-Wide Effort to Standardize Vulnerability Language Promotes Faster, More Accurate Vulnerability Identification
Redwood City, CA — December 20, 2004 — Qualys™, Inc., the leading provider of on-demand vulnerability management solutions, today announced the appointment of Gerhard Eschelbeck, CTO and VP of Engineering for Qualys and author of “The Laws of Vulnerabilities,” to the board of MITRE’s Open Vulnerability Assessment Language (OVAL at http://oval.mitre.org) initiative. OVAL is an industry-wide effort to develop a common language for security professionals to specify the technical details of vulnerability and configuration issues.
Support for OVAL will promote standardized vulnerability assessment and will provide consistent and reproducible information assurance metrics. Qualys will be adding OVAL support to its QualysGuard vulnerability management solution in 2005, allowing customers to import existing OVAL definitions and rapidly develop custom vulnerability detection signatures through a standardized XML-based language.
“OVAL provides a common language to define the technical conditions in checking for vulnerabilities and misconfigurations on computer networks,” said Matthew Wojcik, OVAL moderator. “The expertise our board members bring to the effort is helping us successfully standardize the vulnerability assessment process and the exchange of assessment results. We are very excited to have Qualys support the OVAL effort.”
OVAL expands upon the Common Vulnerabilities and Exposures (CVE) program, a dictionary of standardized names and descriptions for publicly known information security vulnerabilities and exposures, developed by MITRE in cooperation with the international security community. Prior to OVAL, there was no common or structured means for system administrators and other end users to determine the existence of vulnerabilities or configuration issues.
“As an industry, we have made significant strides in standardization with CVE, and I am honored to join this community effort to extend the standardization of vulnerability definitions,” said Gerhard Eschelbeck, CTO and VP of Engineering for Qualys. “Qualys values and is fully committed to supporting the OVAL effort, which will ease the burden on security administrators in identifying and eliminating security vulnerabilities.”
OVAL is a result of the collaborative efforts of MITRE along with broad participation from the information security community and is sponsored by the US-CERT at the U.S. Department of Homeland Security. The OVAL Board includes representatives from numerous organizations such as operating system and security tool vendors, academic institutions, and government.
Contact: Megan Lamb