At 4:38 PM -0400 6/27/07, Paco Hope wrote:
> On 6/26/07 5:00 PM, "McGovern, James F (HTSC, IT)" <[EMAIL PROTECTED]> wrote:
> Would there be value in terms of defining an XML schema that all tools could 
> emit audit information to?
> You might want to take a look at what the Fortify guys already do. Their 
> "FVDL" (Fortify Vulnerability Description Language) is XML written to a 
> specific schema

In the US, the federal government has a lot of that going on:

but they only support certain platforms, like Windows.
Larry Kilgallen
Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to