OASIS Approves Security Spec for Apps, Web Services
The Application Vulnerability Description Language 1.0 provides a standard method for exchanging data on security vulnerabilities.To help companies better handle the influx of application and Web service security alerts, the OASIS standards consortium on Wednesday announced the ratification of a new standard. The Application Vulnerability Description Language 1.0 provides a standard method for exchanging security vulnerability information that may occur in applications and Web services, said officials at the Organization for the Advancement of Structured Information Standards. The standard is expected to help companies deal with the 80-plus application vulnerability reports that are relayed every week by providing a framework that imports vulnerability assessment data from AVDL (Application Vulnerability Description Language)-compliant application scanners.
That information, combined with firewall, patch management and event correlation software, can provide an overall assessment of risk.