[Owasp-board] FW: Oval

Dave Wichers dave.wichers at owasp.org
Mon Sep 13 21:50:17 UTC 2010


I replied to Megan that we can’t help her.

 

-Dave

 

From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Alison Shrader
Sent: Monday, September 13, 2010 1:45 PM
To: 'OWASP Foundation Board List'
Subject: [Owasp-board] FW: Oval

 

Hi Everyone,

 

I received an email from Megan Dow asking questions about Oval.  To be honest, I have no idea what this is or what she is asking exactly.  I didn’t want to just ignore her message though b/c she said that she was given my name by George Tselentis.  Can somebody please just look this over and let me know if this is something we can help her with?

 

Thanks,

 

Alison Shrader

OWASP

9175 Guilford Road, Suite 300

Columbia, MD 21046

301-575-0197

alison.shrader at owasp.org

 

 

From: Megan Dow [mailto:Megan.Dow at clovisgroup.com] 
Sent: Monday, September 13, 2010 12:43 PM
To: alison.mcnamee at owasp.org
Subject: RE: Oval

 

Hi Alison,

 

One of our clients requested Oval Developer resources for a federal government project. I did some initial research on Oval and found the following information. I'm trying to get more info from the client in the meantime. George had referred me to you and OWASP to gather more insight into OVAL and to find out if you know how to best retain these human capital resources?

 

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language.

The OVAL community has developed three schemas written in Extensible Markup Language (XML) to serve as the framework and vocabulary of the OVAL Language. These schemas correspond to the three steps of the assessment process: an OVAL System Characteristics schema for representing system information, an OVAL Definition schema for expressing a specific machine state, and an OVAL Results schema for reporting the results of an assessment.

Content written in the OVAL Language is located in one of the many repositories found within the community. One such repository, known as the OVAL Repository, is hosted by The MITRE Corporation. It is the central meeting place for the OVAL Community to discuss, analyze, store, and disseminate OVAL Definitions. Each definition in the OVAL Repository determines whether a specified software vulnerability, configuration issue, program, or patch is present on a system.

The information security community contributes to the development of OVAL by participating in the creation of the OVAL Language on the OVAL Developers Forum and by writing definitions for the OVAL Repository through the OVAL Community Forum. An OVAL Board consisting of representatives from a broad spectrum of industry, academia, and government organizations from around the world oversees and approves the OVAL Language and monitors the posting of the definitions hosted on the OVAL Web site. This means that the OVAL, which is funded by US-CERT at the U.S. Department of Homeland Security for the benefit of the community, reflects the insights and combined expertise of the broadest possible collection of security and system administration professionals worldwide.

Megan Dow

Account Executive

CLOVIS

Direct Dial:          301.841.4116

Fax:                   301.365.8498

 

What’s happening at  <http://www.clovisgroup.com/> clovisgroup.com | Follow us on  <http://www.twitter.com/ClovisDC> Twitter.com/ClovisDc

  _____  

Better People. Better Teams. Better Solutions.

 

This electronic message contains information from The Clovis Group, LLC divisions or subsidiary companies, which may be company sensitive, proprietary, privileged or otherwise protected from disclosure. The information is intended to be used solely by the recipient(s) named above. If you are not an intended recipient, be aware that any review, disclosure, copying, distribution or use of this transmission or its contents is prohibited. If you have received this transmission in error, please notify us immediately at  <mailto:helpdesk at clovisgroup.com> helpdesk at clovisgroup.com. With the exception of messages sent by authorized Clovis Group, LLC contracts or purchasing personnel, nothing in this message may be interpreted as a digital or electronic signature that can be used to: (a) authenticate either the submission or the acceptance of a proposal or offer to contract, or (b) modify an existing contract. Any personal data contained in this e-mail is covered under The Privacy Act of 1974.

 

 

-----Original Message-----
From:Alison Shrader alison.mcnamee at owasp.org 
To: "'Megan Dow'" <Megan.Dow at clovisgroup.com>;
Sent: Sep 13, 2010 12:33:00 PM
Subject: RE: Oval

 

Hi Megan,

 

I apologize, but I am not familiar with Oval.  Can you please give me some more details?

 

Best regards,

 

Alison Shrader

OWASP

9175 Guilford Road, Suite 300

Columbia, MD 21046

301-575-0197

alison.shrader at owasp.org

 

 

From: Megan Dow [mailto:Megan.Dow at clovisgroup.com] 
Sent: Monday, September 13, 2010 9:37 AM
To: Alison.mcnamee at owasp.org
Subject: Oval

 

Good moring Alison,

 

George Tselentis referred me to you as a resource in regards to my questions regarding Oval.

 

What is the best way to reach you and are you available to speak today?

 

Thanks,

Megan Dow

Account Executive

CLOVIS

Direct Dial:          301.841.4116

Fax:                   301.365.8498

 

What’s happening at  <http://www.clovisgroup.com/> clovisgroup.com | Follow us on  <http://www.twitter.com/ClovisDC> Twitter.com/ClovisDc

  _____  

Better People. Better Teams. Better Solutions.

 

This electronic message contains information from The Clovis Group, LLC divisions or subsidiary companies, which may be company sensitive, proprietary, privileged or otherwise protected from disclosure. The information is intended to be used solely by the recipient(s) named above. If you are not an intended recipient, be aware that any review, disclosure, copying, distribution or use of this transmission or its contents is prohibited. If you have received this transmission in error, please notify us immediately at  <mailto:helpdesk at clovisgroup.com> helpdesk at clovisgroup.com. With the exception of messages sent by authorized Clovis Group, LLC contracts or purchasing personnel, nothing in this message may be interpreted as a digital or electronic signature that can be used to: (a) authenticate either the submission or the acceptance of a proposal or offer to contract, or (b) modify an existing contract. Any personal data contained in this e-mail is covered under The Privacy Act of 1974.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100913/5c3cc9a1/attachment-0002.html>


More information about the Owasp-board mailing list