New standards like AVDL offer one of the best hopes of breaking this cycle by dramatically reducing the time between the discovery of a new vulnerability and the effective response at enterprise sites.
AVDL addresses the business problem of how companies manage ongoing application security risk on a day-to-day basis.
Several vendors will be demonstrating AVDL interoperability of their products at the 2004 RSA Conference to highlight the growing maturity and commercial viability of AVDL automation.
AVDL provides a rich XML schema that fully describes web application security properties and vulnerabilities.
The scanner then sends its assessment in the form of a set of AVDL probes to other security devices.
Participants in the application security field -- end users, vendors, and researchers alike -- are invited to bring their experience and expertise to help shape the future of AVDL and the security community.
The AVDL Technical Committee will focus on defining a schema that enables easier communication and coordination between any of the various security entities that address application security, including, but not limited to: application vulnerability assessment tools, application security gateways, reporting tools, correlation systems, and remediation tools.
The first meeting of the full OASIS Technical Committee for AVDL has been scheduled for May 15, 2003.
The AVDL standard will make it easier for organizations to share data more effectively and integrate vulnerability identification and remediation across the entire enterprise more quickly in order to keep up with the constant issue of cyberthreats.
With AVDL, enterprise customers will be able to select best-of-breed products in each of these categories and receive the full benefits of multi-vendor product interoperability.
We support the development of standards like AVDL whose goal is to enable tighter security defenses by allowing vulnerability management data to be shared between multiple application and network layer security systems.