Summary

In Recommendation ITU-T X.1526 the Open Vulnerability and Assessment Language (OVAL) standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analysing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.) and reporting the results of this assessment. The purpose of OVAL is to provide an international, information security, community standard to promote open and publicly available security content and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL is a language used to encode system details, and an assortment of content repositories held throughout the community.