Red Hat has announced compatibility certification with Open Vulnerability and Assessment Language (OVAL) definitions for Red Hat Enterprise Linux 3 and 4 security advisories. Red Hat will now produce and support OVAL patch definitions to provide a structured and machine-readable version of advisories, allowing OVAL-compatible tools to accurately test for the presence of vulnerabilities.
With OVAL compatibility, Red Hat Enterprise Linux users can benefit from the utilization of third-party, OVAL-compatible patch auditing and compliance tools to audit their systems. By providing an alternative, machine-readable view of Red Hat security errata advisories, users can now integrate data about vulnerabilities from the Red Hat Security Response team into their existing vulnerability management processes. All users will continue to use Red Hat Network to manually or automatically obtain updates in addition to this new security view.
“As a founding member of the OVAL board, we´ve been working with the MITRE Corporation on OVAL for many years,” said Mark J. Cox, Red Hat Security Response Team Lead, Red Hat. “Just as the MITRE CVE project has become common for dealing with vulnerability patches, we expect the same rapid adoption for the OVAL project. This initiative forms part of our commitment to make the deployment of security ubiquitous through the use of industry-wide standards.”
“The translation of Red Hat errata into OVAL allows organizations looking to secure Red Hat operating systems to rely on open, standards-based tests that can be digested by assessment tools in order to perform instant and automated evaluations,” said Matthew Wojcik, Senior Information Security Engineer and OVAL Moderator, the MITRE Corporation. “By pursuing OVAL compatibility, Red Hat has declared their commitment to open standards and is helping to raise the bar for patch management and vulnerability assessment in the marketplace.”