OASIS Approves Security Spec for Apps, Web Services
The Application Vulnerability Description Language 1.0 provides a standard method for exchanging security vulnerability information that may occur in applications and Web services, said officials at the Organization for the Advancement of Structured Information Standards.
The standard is expected to help companies deal with the 80-plus application vulnerability reports that are relayed every week by providing a framework that imports vulnerability assessment data from AVDL (Application Vulnerability Description Language)-compliant application scanners.
That information, combined with firewall, patch management and event correlation software, can provide an overall assessment of risk.
The U.S. Department of Energy is implementing ADVL in its central security incident response unit, OASIS officials said, adding that the National Nuclear Security Administration and some companies are also using the language.