SSA Security System Analyzer version 1.5.2 released

SSA (Security System Analyzer) is a non-intrusive OVAL-Compatible policy compliance and vulnerability assessment software. It provides auditors and security officers a comprehensive solution to keep pace with security compliance requirements (patch management, vulnerability management, software inventories...)


  • Based on OVAL 5.3 build 20 (see OVAL project for more information)
  • SSA now supports SCAP (Security Content Automation Protocol). The XML SCAP files are extracted using our new SCAP Parser (SCAP_Patch_Extractor). The coming release of SSA should be completely compatible with XCCDF.
  • SSA now supports scan for missed patches (using SCAP format)
  • Added Windows XP Patches definition file
  • Added Windows Vista Patches definition file
  • Added Windows 2000 Patches definition file
  • Added Office 2007 Patches definition file
  • Added Internet explorer 7 patches definition file
  • Updated OVAL XML Viewer Plugin
  • Updated database to 2039 definitions
  • Added support to CVE search (ex: CVE-2007-* will return all CVEs in 2007 used along with their appropriate OVALids.)
  • Bugs fixed

Documentation should be available by the end of the week.

Any suggestions, please report it to