ARTICLE

Oval version 5.3 2nd Canditate available

Tuesday 5 June 2007

Open Vulnerability and Assessment Language (OVAL™) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.

Version 5.3 of the Official OVAL Language is a direct result of feedback from the OVAL Community. This will be a minor version change and may require some new development by tools that support earlier versions of the Language. The changes pending to the different schemas are outlined below.

Version 5.3 of the OVAL Schema will include the following:

updated documentation
added sql test to the independent schema
changed the datatype of the comment attribute to not accept empty strings
added include_group and resolve_group behaviors to the windows accesstoken_object
modified the schematron of the rpminfo_state to allow ’version’ as a valid datatype for the and entities
added new privileges to the windows accesstoken_test
added an optional mask attribute fixed a schema error that had a_time, c_time, and m_time defined as strings, changed to ints
added the audit event policy subcategories test to the windows schema
added a schematron rule in certain places to validate that an int value was supplied when a datatype of int was declared
added a share permission test to the windows schema
added a printer effective rights test
changed the trustee_name entity to trustee_sid for existing effective rights and audit permission tests, deprecated the original tests
added a check_existence attribute to and OVAL Test
added the ’none satisfy’ value to the existing check attribute of an OVAL Test
added a ONE operator to the criterion element
added a user access control test
modified the hp-ux patch test