Open Vulnerability and Assessment Language (OVAL) is a language for specifying automated tests of system configurations and defines the format for the results of such assessments. Vendors include OVAL specifications in vulnerability advisories to share information about vulnerabilities and misconfigurations in a machine-readable format. OVAL may also be used to distribute descriptions of threat indicators.
The language provides a framework for making assertions about a machine’s state by standardizing the three main steps of the assessment process: representing the machine state of a system for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, ...); and reporting the results of this assessment.
Related to: STIX, IODEF-SCI, SCAP, OpenVAS.
Address: https://oval.cisecurity.org/