At 4:38 PM -0400 6/27/07, Paco Hope wrote:
> On 6/26/07 5:00 PM, "McGovern, James F (HTSC, IT)" <[EMAIL PROTECTED]> wrote:
> 
> Would there be value in terms of defining an XML schema that all tools could 
> emit audit information to?
> 
> You might want to take a look at what the Fortify guys already do. Their 
> "FVDL" (Fortify Vulnerability Description Language) is XML written to a 
> specific schema

In the US, the federal government has a lot of that going on:

http://nvd.nist.gov/scap.cfm

but they only support certain platforms, like Windows.
-- 
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________

Reply via email to