OASIS Application Vulnerability Description Language (AVDL) TC

TC Page     Send a comment to this TC


Table of Contents


The goal of AVDL is to create a uniform way of describing application security vulnerabilities. The OASIS AVDL TC creates an XML definition for exchange of information relating to security vulnerabilities of applications exposed to networks. For example, the owners of an application may use a scanning tool to test their application for exposed vulnerabilities to various types of malicious attacks. That tool may catalogue and record vulnerabilities detected into an XML file in AVDL format. That AVDL information may be utilized by application security gateways to recommend the optimal attack prevention policy for that specific application. Remediation products could use AVDL files to suggest the best course of action for correcting problems, while reporting tools could use AVDL to correlate event logs with areas of known vulnerability.

For more information, see the TC Charter and FAQ.

Technical Work Produced by the Committee

Application Vulnerability Description Language (AVDL) v1.0 [OASIS 200403]

MSWord format

PDF format

External Resources

Although not produced by the OASIS Application Vulnerability Description Language (AVDL) TC, the following information offers useful insights into its work.

OASIS Forms TC for Application Vulnerability Description Language (AVDL).
CoverPages, 2 April 2003

OASIS Committee Draft for the Application Vulnerability Description Language (AVDL).
Cover Pages, 9 Feb 2004

Application Security Standards

Mailing Lists and Comments

avdl: the list used by TC members to conduct Committee work. TC membership required to post. TC members are automatically subscribed; the public may view archives.

avdl-comment: a public mail list for providing input to the OASIS AVDL Technical Committee members. Send a comment or view archives.

avdl-dev: an unmoderated, public mail list that provides an open forum for developers to exchange ideas and information on implementing the AVDL OASIS Standard. Subscribe or view archives.*

*To minimize spam, you must subscribe to these lists before posting.

Additional Information

If you are interested in obtaining a product that generates AVDL output, please go to www.spidynamics.com. You can download a trial version of WebInspect. The trial version contains a sample scan of a test site that you can generate AVDL output through the "Export" function.

Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.