MITRE’s Industry-Wide Effort to Standardize Vulnerability Language Promotes Faster, More Accurate Vulnerability Identification
Redwood City, CA — December 20, 2004 — Qualys™, Inc., the leading provider of on demand vulnerability management solutions, today announced the appointment of Gerhard Eschelbeck, CTO and VP of Engineering for Qualys and author of “The Laws of Vulnerabilities,” to the board of MITRE’s Open Vulnerability Assessment Language (OVAL at http://oval.mitre.org) initiative. OVAL is an industry-wide effort to develop a common language for security professionals to specify the technical details of vulnerability and configuration issues.
Support for OVAL will promote standardized vulnerability assessment and will provide consistent and reproducible information assurance metrics. Qualys will be adding OVAL support to its QualysGuard vulnerability management solution in 2005, allowing customers to import existing OVAL definitions and rapidly develop custom vulnerability detection signatures through a standardized XML-based language.
“OVAL provides a common language to define the technical conditions in checking for vulnerabilities and misconfigurations on computer networks,” said Matthew Wojcik, OVAL moderator. “The expertise our board members bring to the effort is helping us successfully standardize the vulnerability assessment process and the exchange of assessment results. We are very excited to have Qualys support the OVAL effort.”
OVAL expands upon the Common Vulnerabilities and Exposures (CVE) program, a dictionary of standardized names and descriptions for publicly known information security vulnerabilities and exposures, developed by MITRE in cooperation with the international security community. Prior to OVAL there was no common or structured means for system administrators and other end users to determine the existence of vulnerabilities or configuration issues.
“As an industry, we have made significant strides in standardization with CVE, and I am honored to join this community effort to extend the standardization of vulnerability definitions,” said Gerhard Eschelbeck, CTO and VP of Engineering for Qualys. “Qualys values and is fully committed to supporting the OVAL effort, which will ease the burden on security administrators in identifying and eliminating security vulnerabilities.”
OVAL is a result of the collaborative efforts of MITRE along with broad participation from the information security community and is sponsored by the US-CERT at the U.S. Department of Homeland Security. The OVAL Board includes representatives from numerous organizations such as operating system and security tool vendors, academic institutions, and government.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
For media inquiries or to find the appropriate spokesperson
Contact: Megan Lamb