How does a vulnerability or exposure become an OVAL definition?
The OVAL Repository uses the publicly known vulnerabilities identified in the CVE List as the basis for its vulnerability definitions. Draft definitions against these vulnerabilities, configuration issues, and patches are written by members of the OVAL Repository community and submitted to the OVAL Repository Moderator for public comment and review. Public comments on new definitions are made on the Discussion List, a lightly moderated public forum for discussing the definitions in the OVAL Repository. After discussion has subsided, any modifications to new definitions are published in the OVAL Repository. Definitions are posted with “DRAFT,” “INTERIM,” or “ACCEPTED” status.
Related Questions
- What is IGEMS?The definition of IGEMS is "Internet Geographical Exposure Modeling System".How to abbreviate Internet Geographical Exposure Modeling System?
- Where does OVAL find out about the vulnerabilities used in the Vulnerability Definitions?
- How does a vulnerability or exposure become an OVAL definition?
