Product manual

18 Appendix 2 - Certifications
GFI LanGuard is OVAL and CVE certified. The following sections describe each certification and
explain how they are used in GFI LanGuard.
Topics in this chapter:
- 18.1 Open Vulnerability and Assessment Language (OVAL)
- 18.2 Common Vulnerabilities and Exposures (CVE)
18.1 Open Vulnerability and Assessment Language (OVAL)
Open Vulnerability and Assessment Language (OVAL™) is an international, information security,
community standard to promote open and publicly available security content, and to standardize the
transfer of this information across the entire spectrum of security tools and services. OVAL includes a
language used to encode system details, and an assortment of content repositories held throughout
the OVAL community. The language standardizes the three main steps of the assessment process:
- Representing configuration information of systems for testing
- Analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.)
- Reporting the results of this assessment
The repositories are collections of publicly available and open content that utilize the language.
The OVAL community has developed three XML schemas to serve as the framework and vocabulary of
the OVAL Language. These schemas correspond to the three steps of the assessment process:
- An OVAL System Characteristics schema for representing system information
- An OVAL Definition schema for expressing a specific machine state
- An OVAL Results schema for reporting the results of an assessment
Content written in OVAL Language is located in one of the many repositories found within the
community. One such repository, known as the OVAL Repository, is hosted by MITRE Corporation. It is
the central meeting place for the OVAL Community to discuss, analyze, store, and disseminate OVAL
Definitions. Each definition in the OVAL Repository determines whether a specified software
vulnerability, configuration issue, program, or patch is present on a system.
The information security community contributes to the development of OVAL by participating in the
creation of the OVAL Language on the OVAL Developers Forum and by writing definitions for the OVAL
Repository through the OVAL Community Forum. An OVAL Board consisting of representatives from a
broad spectrum of industry, academia, and government organizations from around the world oversees
and approves the OVAL Language and monitors the posting of the definitions hosted on the OVAL Web
site. This means that OVAL, which is funded by US-CERT at the U.S. Department of Homeland
Security for the benefit of the community, reflects the insights and combined expertise of the
broadest possible collection of security and system administration professionals worldwide.
18.1.1 GFI LanGuard OVAL Support
GFI LanGuard supports all checks defined in the XML file issued by OVAL, with the exception of HP-UX
checks.