What is OVAL and how can I use it to learn about security issues?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux

Issue

What is OVAL and how can I use it to learn about security issues?

Resolution

The Open Vulnerability and Assessment Language (OVAL) is an  international information-security effort that promotes open and  publicly available security content. The goal of OVAL is to standardize  the way security advisories are communicated across the entire spectrum  of security tools and services.
OVAL is a project of  the MITRE Corporation, which is well known for providing CVE (Common  Vulnerabilities and Exposures) listings.

Red Hat now  provides OVAL patch definitions for Red Hat Enterprise Linux 3 and later  versions. With OVAL-compatible tools, these definitions can be used to  accurately test for the presence of vulnerabilities.

The OVAL definitions can be found here: http://www.redhat.com/oval .

A listing of third-party OVAL compatible tools can be found here: http://oval.mitre.org/compatible/compatible.html

NOTE: Red Hat does not provide support for these third-party tools. However,  Red Hat's commitment to providing OVAL-compatible patch definitions  means that users of these tools can now easily integrate them with their  Red Hat Enterprise Linux environments.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.