What is OVAL

OVAL is an acronym that stands for Open Vulnerability and Assessment Language. It is an international open standard for describing vulnerabilities and how to look for them. The MITRE Corporation developed OVAL over 20 years ago and first announced it on December 10, 2002. MITRE is now transitioning OVAL over to the Center for Internet Security (CIS). OVAL is the intellectual property of the US Federal Government (US DHS) to ensure it remains open and freely available.

The MITRE Corporation is a private not-for-profit US-based company initially funded by the US Department of Homeland Security (US DHS) to provide engineering and technical guidance for the federal government. To read more about the MITRE Corporation click here.

Center for Internet Security (CIS) is a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™ globally recognized best practices for securing IT systems and data.

Nanitor uses OVAL as their bases for all vulnerability checks.

For more details about OVAL check out the following links - Home / Oval Repository (cisecurity.org) - Frequently Asked Questions | OVAL Documentation (ovalproject.github.io) - Open Vulnerability and Assessment Language - Wikipedia