Based on OVAL framework, Open Vulnerability and Assessment Language
By Security-database.com

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

• OVAL-compatible product
• Fully support of open security standards and initiatives (CVE, OVAL, CCE, CPE, CWE, CAPEC, CVSS, CRF)
• Perform a deep inventory audit on installed softwares and applications
• Scan and map vulnerabilities using non-intrusive techniques based on schemas
• Detect and identify missed patches and hotfixes
• Define a patch management deployment strategy using CVSS scores

Mitre.org defines OVAL as following:

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process :

• Representing configuration information of systems for testing;
• Analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.);
• Reporting the results of this assessment.

For any information about OVAL, you should refer to http://oval.mitre.org.
For any information about Making Security Measurable, please refer to http://measurablesecurity.mitre.org/

Suggestions, bug reporting to the author ssa@security-database.com