At 4:38 PM -0400 6/27/07, Paco Hope wrote: > On 6/26/07 5:00 PM, "McGovern, James F (HTSC, IT)" <[EMAIL PROTECTED]> wrote: > > Would there be value in terms of defining an XML schema that all tools could > emit audit information to? > > You might want to take a look at what the Fortify guys already do. Their > "FVDL" (Fortify Vulnerability Description Language) is XML written to a > specific schema
In the US, the federal government has a lot of that going on: http://nvd.nist.gov/scap.cfm but they only support certain platforms, like Windows. -- Larry Kilgallen _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________