Welcome!

Red Hat Authors: Colin Walker, Keith Bergelt, Maureen O'Gara, RealWire News Distribution, Jason Rahm

Related Topics: Red Hat, Security

Red Hat: Article

Open Source Red Hat Announces OVAL Security Compatibility

New OVAL patch definitions provide a new view of security
By Red Hat News Desk
Article Rating:
June 22, 2006 12:30 PM EDT
Reads:
 8,284
Red Hat, provider of open source solutions to the enterprise, announced compatibility certification with Open Vulnerability and Assessment Language (OVAL) definitions for Red Hat Enterprise Linux 3 and 4 security advisories. Red Hat will now produce and support OVAL patch definitions to provide a structured and machine-readable version of advisories, allowing OVAL-compatible tools to accurately test for the presence of vulnerabilities.

With OVAL compatibility, Red Hat Enterprise Linux users can benefit from the utilization of third-party, OVAL-compatible patch auditing and compliance tools to audit their systems. By providing an alternative, machine-readable view of Red Hat security errata advisories, users can now integrate data about vulnerabilities from the Red Hat Security Response team into their existing vulnerability management processes. All users will continue to use Red Hat Network to manually or automatically obtain updates in addition to this new security view.

"As a founding member of the OVAL board, we've been working with the MITRE Corporation on OVAL for many years," said Mark J. Cox, Red Hat Security Response Team Lead, Red Hat. "Just as the MITRE CVE project has become common for dealing with vulnerability patches, we expect the same rapid adoption for the OVAL project. This initiative forms part of our commitment to make the deployment of security ubiquitous through the use of industry-wide standards."

"The translation of Red Hat errata into OVAL allows organizations looking to secure Red Hat operating systems to rely on open, standards-based tests that can be digested by assessment tools in order to perform instant and automated evaluations," said Matthew Wojcik, Senior Information Security Engineer and OVAL Moderator, the MITRE Corporation. "By pursuing OVAL compatibility, Red Hat has declared their commitment to open standards and is helping to raise the bar for patch management and vulnerability assessment in the marketplace."

The OVAL project, maintained by the MITRE Corporation, is an international information-security effort that promotes open and publicly available security content, and seeks to standardize the transfer of this information across the entire spectrum of security tools and services.


Published June 22, 2006 – Reads 8,284
Copyright © 2006 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Red Hat News Desk

Red Hat News Desk trawls the world's news information sources and brings you timely updates on its flagship Red Hat Enterprise Linux as well as the company's other product lines including database, content, and collaboration management applications; server and embedded operating systems; and software - including its most recent virtualization offerings.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.