OASIS Application Vulnerability Description Language TC

Press

Why I Love AVDL
Information Security, Oct 2004

OASIS Endorses Security Language
SDTimes, 1 Aug 2004

Latest Web services spec tackles application flaws
TechTarget, 24 June 2004

OASIS Approves Security Spec for Apps, Web Services
eWeek, 23 June 2004

OASIS Passes Flaw-Reporting Standard
internet.com, 23 June 2004

Security Vulnerabilities for Web Services and Web Apps Addressed by OASIS AVDL 1.0
Web Services Journal, 23 June 2004

Application Vulnerability Description Language (AVDL) Ratified as OASIS Standard
23 June 2004

Feds propose security standards
Government Computer News, March 2004

Standardising security
Computerworld Singapore, 10-23 March 2004
A group of small IT security product vendors took a different route. By working together with the Organisation for the Advancement of Structured Information Standards (Oasis), they have come up with a new standard called the Application Vulnerability Description Language (AVDL). By having a high level of integration, it creates an environment whereby mundane security operations such as patching and reconfiguration can be automated. This creates a more secured web application environment that can meet evolving application requirements and security policies. Furthermore, this will help to free up security administrators to focus on higher-level policy analysis. Another benefit that AVDL brings is improvement in response time.

Security Patching: Easy As 1-2-3
Network Magazine, 3 March 2004
A new Extensible Markup Language (XML)-based specification released last week stands to revolutionize the way security devices communicate with one another, dramatically improving their ability to protect Web-based applications. The standard, called the Application Vulnerability Description Language (AVDL), defines a schema for sharing information about attacks and environmental variables. Over the longer term, AVDL and a sister standard still being developed, the Web Application Security (WAS) specification, could well enable organizations to automate the full life cycle of securing Web-based applications.

Security firms create standard protocol
ComputerWeekly, 26 Feb 2004

Application Security Standard Edges Forward
Information Week, 24 Feb 2004
Gartner VP and analyst John Pescatore says that because of the number of application vulnerabilities that surface each week--sometimes more than 80 are announced--standards such as AVDL can help companies reduce the threat they face from the moment a vulnerability is discovered to the time it takes them to respond and patch.

RSA: Security vendors to build bridges at hot show
InfoWorld, 23 Feb 2004

Security Fears Spark Interest in RSA Conference
Tech News World, 23 Feb 2004

Security Fears Spark Interest in RSA Conference
e-Commerce News, 23 Feb 2004

Application Security Leaders Announce Support for AVDL OASIS Committee Draft
PRNewswire, 23 Feb 2004

Application Security Leaders announce Support for AVDL
EEDesign, 23 Feb 2004

Vulnerability Language Close to Completion
CBR, 23 Feb 2004
The DoE's Computer Incident Advisory Capability currently aggregates and filters vulnerability advisories from a multitude of vendors and researchers on behalf of the government systems administrators that subscribe to its service. CIAC hopes to encourage vendors to issue AVDL descriptions of newfound vulnerabilities, by AVDL-enabling its portal using web services. The agency says this will allow more automation and easier filtering of potential threat data.

Security Vendors to Build Bridges at Hot Show
Computerworld, 23 Feb 2004
AVDL will be a common language among disparate security products and, when widely adopted, will set the stage for a closer integration between vulnerability-detection systems and automated patching and remediation products.

RSA show to highlight new security approaches
Network World Fusion, 23 Feb 2004
"Application vulnerabilities propagate so rapidly today that the old methods of dealing with them no longer suffice," says Gartner analyst John Pescatore, who will participate in panel discussions about AVDL at the show. "New standards like AVDL offer one of the best hopes of breaking this cycle by dramatically reducing the time between the discovery of a new vulnerability and the effective response at enterprise sites."

AVDL integrates application security
Network World Fusion, 23 Feb 2004
AVDL technology delivers on its promise of reducing time, effort and cost, while improving accuracy, reliability and ultimately the security of the installations.

RSA Show to Highlight New Security Approaches
Network World, 23 Feb 2004

Hackers getting new foe
Business Journal, 13 Feb 2004

OASIS Committee Draft for the Application Vulnerability Description Language (AVDL).
Cover Pages, 9 Feb 2004

OASIS helps describe Web vulnerabilities
ITNews Australia, 17 July 2003

OASIS to Help Describe Web Vulnerabilities
WinInfo, 16 July 2003

OASIS to Help Describe Web Vulnerabilities
SecAdministrator, 16 July 2003

OASIS to develop common security language
ComputerWorld, 7 July 2003

OASIS claims XML security standard
ADTMag, 16 April 2003

XML security standard targets hackers
vnunet, 15 April 2003
http://www.pcw.co.uk/News/1140217
Personal Computing World, 15 April 2003

XML-Based Security Spec Aims To Protect Applications
InformationWeek, 15 April 2003

OASIS Takes Up Interoperability Spec For Security Apps
TechWeb, 14 April 2003

Vendors Pitch Application-Security Spec
Information Week, 14 April 2003