Keeping up with the latest vulnerabilities -- especially in the context of the latest threats -- can be a real challenge. Real-time analysis and proactive response to these new threats is only possible using real-time feeds of the latest and greatest vulnerability data.
But where can you get this data? If you’re relying on a vendor to provide this service, where should they be getting this data? Harry Wan, CTO and co-founder from DatumSec contributes to the cause.
Open Vulnerability And Assessment Language (OVAL) Interpreter And Repository
OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community. A community-developed language for determining vulnerability and configuration issues on computer systems, OVAL is co-sponsored by the office of Cybersecurity and Communications at the US Department of Homeland Security.
“OVAL’s interpreter, together with the repository, provides the recipient with information about whether a particular vulnerability exists on a system,” says Harry Wan, chief technology officer and co-founder of DatumSec. “This information proves extremely useful when determining on-premises third-party risk scores.”