SSA Security System Analyzer version 1.5.1 released
SSA is based upon the Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.
Changelog for version 1.5.1
- Based on OVAL 5.2 build 11 (bugs fixed)
- Corrected bug in EntityComparator::ParseVersionStr(). Added error checking to the function to enusre that the input version strings are in a valid format.
- Removed VC7 project from source distributions.
- Now SSA relies on CPE (common Platform Enumeration) names to display inventories.
- Now SSA generates (beta testing - only text mode) report with only vulnerabilities and inventories associated with their OVAL ID, CVE and CPE. A really good HTML report is expected for version 1.6 with a bunch of information (CVSS base scores, missed patches and links to references as well as BID)
- SSA now supports VISTA definitions.
- Added Menu Help
- PDF documentation : link to SSA PDF doc.
- OVAL Concept documentation : link to OVAL FAQS.
- CPE Concept documentation : link to CPE docs.
- [NEw Security-Database Feature]: Submit a bug about SSA
- Security-Database Vulnerability Search : Search information into our cross linked Vulnerability database
- Fixed bugs into scan() function
- Handle exception: Error while parsed corrupted XML File (thanks to Drew Buttner from OVAL project)
- Handle exception: Error while using unsupported schema
- Fixed a latency in function "stop/reload"
- Fixed the PATH bug. Now SSA can be installed in any directory.
Special thanks to folks from knowledgecave.com for beta testing
Post scriptum
Compliance Mandates
|
Related Articles
Information Gathering |
|
SSA |
|
Vulnerability Scanner |
|