DocumentCode
398064
Title
Integrating your information security vulnerability management capabilities through industry standards (CVE&OVAL)
Author
Martin, Robert A.
Author_Institution
Software Eng. Sect., MITRE Corp., Bedford, MA, USA
Volume
2
fYear
2003
fDate
5-8 Oct. 2003
Firstpage
1528
Abstract
There are important changes to the cyber-security industry being fostered by the Common Vulnerability Exposures (CVE®) and Open Vulnerability Assessment Language (OVAL™) Initiatives, a pair of international, community-based efforts amongst industry, government, and academia. These changes will transform the way your enterprise deals with vulnerabilities in the commercial and open source components of your enterprise infrastructure and mission systems. With approximately 150 organizations working to support the CVE standard in more than 250 cyber-security products and services, CVE is quickly becoming an organizing mechanism that can make enterprise management of information security vulnerabilities less of a labor-intensive art and more of an engineered practice. The OVAL effort builds upon CVE to create a means for making vulnerability alerts more applicable to individual enterprises. OVAL aims to provide the means for standardized vulnerability assessment and to result in consistent and reproducible information assurance metrics for systems.
Keywords
information management; security of data; standards; CVE standards; Common Vulnerability Exposures; OVAL standards; Open Vulnerability Assessment Language; commercial components; community based effort; cyber-security industry; enterprise management; individual enterprises; industry standards; information assurance metrics; information security; labor intensive art; management capabilities; mission systems; open source components; vulnerability; Computer errors; Computer hacking; Computer industry; Computer security; Information management; Information security; Intrusion detection; Open source software; Protection; Software tools;
fLanguage
English
Publisher
ieee
Conference_Titel
Systems, Man and Cybernetics, 2003. IEEE International Conference on
ISSN
1062-922X
Print_ISBN
0-7803-7952-7
Type
conf
DOI
10.1109/ICSMC.2003.1244628
Filename
1244628