Open Vulnerability and Assessment Language

Overview
Open Vulnerability and Assessment Language (OVAL) is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.

Tools and services that use OVAL for the three steps of system assessment &mdash; representing system information, expressing specific machine states, and reporting the results of an assessment &mdash; provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services.