OASIS Heimdall Data Format (OHDF) TC

Join TC     TC Page     Send a comment to this TC

Developing a standard vendor-agnostic data format to support cybersecurity product interoperability without the need for customized integrations.

Aaron Lippold, alippold@mitre.org, TC Convener

Announcements

The first meeting of the OHDF TC is scheduled for 21 February 2023 at noon US eastern time. More information will be posted here.

Participation in the OHDF TC is open to all interested parties. Contact join@oasis-open.org for more information.


Overview

The OHDF TC's goal is to develop a common format for exchanging normalized security data between cybersecurity tools. A standard vendor-agnostic data format will support cybersecurity product interoperability without having to create customized integrations.

Security tools typically generate data in unique formats that require multiple dashboards and utilities to review. This leads to a time-consuming process for completing security assessments, data in disparate locations and inconsistent semantics of data elements across formats. In addition, few security tools provide context to relevant compliance standards for comparison across security tools.

Numerous stakeholders and adopters can benefit from the work of the OHDF TC:

  • For Commercial and Vendor Cybersecurity Partners, OHDF defines a standardized, interoperable target format that vendor tools can consume across their customer base consistently and that is easily managed within the product lifecycle.
  • For the Open Source Community, OHDF enables easy integration with commercial solutions without the need for direct partnerships.
  • For Government Agencies, OHDF can streamline business processes by having a standard, open source, machine-readable format for all security data.
  • For Academia, OHDF offers a structured way to communicate and enhance research findings throughout the security community.
  • For Corporate and Federal CISOs/CIOs, OHDF can increase visibility across the enterprise by taking advantage of normalized security data in a standard format that supports risk information interoperability from a broad range of inputs to support security risk decision-making.
  • For Security Engineers, OHDF can reduce resource requirements for multiple security data types by standardizing formatting across disparate security tools.
  • For Risk Managers, OHDF can improve decision making by using a standardized format to facilitate automation, standardize communication requirements, and inform risk-based analysis.
  • For DevSecOps/Software Engineers, OHDF can streamline CI/CD processes by leveraging a standardized format to collate/aggregate normalized security data to support automated and continuous security processes.

For more information, see the OHDF TC Charter.


Mailing Lists and Comments

ohdf: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives.

ohdf-comment: a public mailing list for providing feedback on the technical work of the OHDF TC. To send a comment, follow the instructions on the TC's public web page here or view the OASIS comment list archives.


Press Coverage and Commentary



Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.