What information is included in an OVAL definition?
“OVAL definitions” are machine-readable, gold standard tests that definitively determine whether the specified software vulnerability, configuration issue, program, or patch is present on a system. There are four main classes of OVAL definitions: • OVAL Vulnerability Definitions — Tests that determine the presence of vulnerabilities on systems. • OVAL Compliance Definitions — Tests that determine whether the configuration settings of a system meets a security policy. • OVAL Inventory Definitions — Tests that whether a specific piece of software is installed on the system. • OVAL Patch Definitions — Tests that determine whether a particular patch is appropriate for a system. A “Miscellaneous” class is also available for definitions that do not fall into any of the four main classes. Each OVAL definition includes metadata, a high-level summary, and the detailed definition. Definition metadata provides the OVAL-ID, status of the definition (Draft, Interim, or Accepted), the CVE name or ot
