OASIS Approves Security Spec for Apps, Web Services

By Renee Boucher Ferguson  |  Posted 2004-06-23
To help companies better handle the influx of application and Web service security alerts, the OASIS standards consortium on Wednesday announced the ratification of a new standard.

The Application Vulnerability Description Language 1.0 provides a standard method for exchanging security vulnerability information that may occur in applications and Web services, said officials at the Organization for the Advancement of Structured Information Standards.

The standard is expected to help companies deal with the 80-plus application vulnerability reports that are relayed every week by providing a framework that imports vulnerability assessment data from AVDL (Application Vulnerability Description Language)-compliant application scanners.

That information, combined with firewall, patch management and event correlation software, can provide an overall assessment of risk.

Click here to read about OASIS work on building an electronic business architecture.

The U.S. Department of Energy is implementing ADVL in its central security incident response unit, OASIS officials said, adding that the National Nuclear Security Administration and some companies are also using the language.

Check out eWEEK.coms Developer & Web Services Center at http://developer.eweek.com for the latest news, reviews and analysis in programming environments and developer tools.

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

Rocket Fuel