OVAL is the Open Vulnerability Assessment Language, which uses XML-based documents to define vulnerabilities in terms of the characteristics of a host system. It can also be used to gather information about the host. When an OVAL file is evaluated, it generates either a results file containing the outcome of the vulnerability evaluation or a system characteristics file containing the information gathered from the host.

OVAL Definitions, OVAL System Characteristics and OVAL Results

These capabilities are achieved through three distinct document types: OVAL Definitions, OVAL System Characteristics and OVAL Results. The specific format for each type is defined by a Schema, a document containing the rules that the structure of an OVAL document must adhere to. These rules cover such things as the order in which elements must appear, how often an element may appear, whether an element is required or optional, which attributes an element has, and what type of data an element may contain.

Validation of an XML file is the process of evaluating whether it conforms to the format described by the schema. If it conforms to the schema, it is considered valid.

An OVAL interpreter is an executable that evaluates OVAL Definitions files and produces OVAL System Characteristics files and OVAL Results files. Since System Characteristics and Results are both generated by the interpreter when an OVAL Definitions file is processed, it is the interpreter's responsibility to ensure that the files it generates adhere to the specified schemas.

The OVAL Definitions file, which details the information to be queried from a host and how that data should be evaluated, can be written manually or generated automatically. In either case a Definitions file may contain errors or typos that cause it to fail to conform to the schema. Generally, invalid Definitions files should be rejected.
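As an added illustration (not code from this page or from any OVAL interpreter), the following Python models a tiny, constructed subset of the structural rules described above and checks a document against them, returning every violation so an invalid Definitions file can be rejected with reasons. Real OVAL validation uses the published XSD with a schema-aware parser; the element names here are only a simplified, namespace-free echo of the real ones, and the sample documents are constructed.

```python
import xml.etree.ElementTree as ET
# Constructed subset of OVAL Definitions schema rules (the real schema is far richer): per element,
# the ordered child sequence as (name, min, max-or-None) and required attributes (int = whole number).
RULES = {
    "oval_definitions": {"children": [("generator", 1, 1), ("definitions", 1, 1)]},
    "generator": {"children": [("schema_version", 1, 1), ("timestamp", 1, 1)]},
    "definitions": {"children": [("definition", 1, None)]},
    "definition": {"attrs": {"id": str, "version": int, "class": str}},
    "schema_version": {}, "timestamp": {},   # leaf elements: text content only
}

def _check(elem, path, errors):
    rule = RULES.get(elem.tag)
    if rule is None:
        errors.append(f"{path}: element not allowed by the schema")
        return
    for name, typ in rule.get("attrs", {}).items():   # required attributes and data types
        val = elem.get(name)
        if val is None:
            errors.append(f"{path}: missing required attribute {name}")
        elif typ is int and not val.isdigit():
            errors.append(f"{path}: attribute {name}={val!r} is not an integer")
    order = [name for name, _, _ in rule.get("children", [])]
    counts, last = dict.fromkeys(order, 0), -1
    for child in elem:                                  # order, cardinality, unknown children
        if child.tag not in counts:
            errors.append(f"{path}: unexpected child <{child.tag}>")
            continue
        if order.index(child.tag) < last:
            errors.append(f"{path}: <{child.tag}> appears out of schema order")
        last = max(last, order.index(child.tag))
        counts[child.tag] += 1
        _check(child, f"{path}/{child.tag}", errors)
    for name, lo, hi in rule.get("children", []):
        if counts[name] < lo or (hi is not None and counts[name] > hi):
            errors.append(f"{path}: <{name}> occurs {counts[name]}x, allowed {lo}..{hi or 'unbounded'}")

def validate(xml_text):
    """Return the schema violations found; an empty list means the document is valid."""
    root, errors = ET.fromstring(xml_text), []
    _check(root, "/" + root.tag, errors)
    return errors

# Constructed samples without XML namespaces, so element names stay plain.
VALID_DOC = """<oval_definitions><generator><schema_version>5.11</schema_version>
<timestamp>2024-01-01T00:00:00</timestamp></generator><definitions>
<definition id="oval:example:def:1" version="1" class="vulnerability"/></definitions></oval_definitions>"""
INVALID_DOC = """<oval_definitions><definitions><definition id="oval:example:def:1" version="one">
<bogus/></definition></definitions><generator><timestamp>2024-01-01T00:00:00</timestamp>
<timestamp>2024-01-01T00:00:00</timestamp></generator></oval_definitions>"""
```

Running `validate(INVALID_DOC)` reports six violations, one for each rule category the schema description lists: a non-integer attribute, a missing required attribute, an unexpected child element, an out-of-order element, a missing mandatory child and a child that occurs too often.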