Red Hat is providing easier security management for customers by becoming certified for Open Vulnerability and Assessment Language (Oval) definitions for its Red Hat Enterprise Linux 3 and 4 security advisories.
Red Hat will now produce and support Oval patch definitions to provide a structured and machine-readable version of advisories, allowing Oval-compatible tools to accurately test for the presence of vulnerabilities.
The Oval project, maintained by the Mitre Corporation, is an international information-security effort that promotes open and publicly available security content. It seeks to standardise the transfer of this information across the entire spectrum of security tools and services.
With Oval compatibility, Red Hat Enterprise Linux users can benefit from the use of third party, Oval-compatible patch auditing and compliance tools to audit their systems.
By providing an alternative, machine-readable view of Red Hat security errata advisories, users can now integrate data about vulnerabilities from the Red Hat Security Response team into their existing vulnerability management processes.
All users will continue to use the Red Hat Network to manually or automatically obtain updates in addition to this new security view.
"The translation of Red Hat errata into Oval allows organisations looking to secure Red Hat operating systems to rely on open, standards-based tests that can be digested by assessment tools in order to perform instant and automated evaluations," said Matthew Wojcik, senior information security engineer and Oval moderator at the Mitre Corporation.