Welcome!

Red Hat News Desk

Subscribe to Red Hat News Desk: eMailAlertsEmail Alerts
Get Red Hat News Desk via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Article

Red Hat Announces OVAL Security Compatibility For Linux Users

Provides A Structured And Machine-Readable Version Of Advisories
By Red Hat News Desk
Article Rating:
June 22, 2006 09:30 AM EDT
Reads:
 7,810
Red Hat announced compatibility certification with Open Vulnerability and Assessment Language (OVAL) definitions for Red Hat Enterprise Linux 3 and 4 security advisories. Red Hat will now produce and support OVAL patch definitions to provide a structured and machine-readable version of advisories, allowing OVAL-compatible tools to accurately test for the presence of vulnerabilities.

With OVAL compatibility, Red Hat Enterprise Linux users can benefit from the utilization of third-party, OVAL-compatible patch auditing and compliance tools to audit their systems. By providing an alternative, machine-readable view of Red Hat security errata advisories, users can now integrate data about vulnerabilities from the Red Hat Security Response team into their existing vulnerability management processes. All users will continue to use Red Hat Network to manually or automatically obtain updates in addition to this new security view.

"As a founding member of the OVAL board, we've been working with the MITRE Corporation on OVAL for many years," said Mark J. Cox, Red Hat Security Response Team Lead, Red Hat. "Just as the MITRE CVE project has become common for dealing with vulnerability patches, we expect the same rapid adoption for the OVAL project. This initiative forms part of our commitment to make the deployment of security ubiquitous through the use of industry-wide standards."

"The translation of Red Hat errata into OVAL allows organizations looking to secure Red Hat operating systems to rely on open, standards-based tests that can be digested by assessment tools in order to perform instant and automated evaluations," said Matthew Wojcik, Senior Information Security Engineer and OVAL Moderator, the MITRE Corporation. "By pursuing OVAL compatibility, Red Hat has declared their commitment to open standards and is helping to raise the bar for patch management and vulnerability assessment in the marketplace."

The OVAL project, maintained by the MITRE Corporation, is an international information-security effort that promotes open and publicly available security content, and seeks to standardize the transfer of this information across the entire spectrum of security tools and services.

Published June 22, 2006 – Reads 7,810
Copyright © 2006 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Red Hat News Desk

Red Hat News Desk trawls the world's news information sources and brings you timely updates on its flagship Red Hat Enterprise Linux as well as the company's other product lines including database, content, and collaboration management applications; server and embedded operating systems; and software - including its most recent virtualization offerings.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
bish 06/23/06 09:59:06 PM EDT

I like ads. I especially like the obscenely annoying ones that pop open over the tiny window of text between more ads. I think they obscure the reader's view of the ads beneath it, though.

I like how the user needs to click something to avoid the ads, which is good because studies show that users can easily and quickly interact with an ad like that, without becoming frustrated or just NEVER COMING BACK. My lord, is this site ever lame; remember when the story was actually more important than the sea of links, options and slathering of ads?
enterprise open source news desk 06/22/06 03:25:28 AM EDT

Red Hat announced compatibility certification with Open Vulnerability and Assessment Language (OVAL) definitions for Red Hat Enterprise Linux 3 and 4 security advisories. Red Hat will now produce and support OVAL patch definitions to provide a structured and machine-readable version of advisories, allowing OVAL-compatible tools to accurately test for the presence of vulnerabilities.