A group of application security vendors affiliated with the Organization for the Advancement of Structured Information Standards (OASIS) will next week announce a proposal for an XML standard for application vulnerabilities. The announcement will be made at the RSA Conference being held in San Francisco.
The group, made up of Citadel Security Software, GuardedNet, NetContinuum, SPI Dynamics and Teros, is promoting the development of the Application Vulnerability Description Language (AVDL), which is intended to standardize information about application vulnerabilities, enabling different products to share vulnerability information in a heterogeneous network environment, according to a statement released by the five companies.
The AVDL group submitted its idea to OASIS for study. In turn, OASIS has created a technical committee to develop an XML definition for exchanging information on the security vulnerabilities of applications exposed to networks.
A draft specification from the AVDL Technical Committee is scheduled for September, with a final specification due in December, according to OASIS.
If widely adopted, the AVDL standards will enable customers to deploy diverse "best of breed" security technology to protect their network without having to sacrifice integration and interoperability, according to Wes Wasson, chief security strategy officer at NetContinuum.
Though initially intended to foster interoperability among the products of the five sponsoring companies, AVDL has the potential to be adopted by additional product platforms and to move further up the development chain, according to Brian Cohen, CEO of SPI Dynamics.
AVDL backers hope that development platform vendors and OASIS members such as Microsoft, BEA Systems and IBM will join the AVDL Technical Committee and help shape the development of the AVDL standard so that it can be easily integrated with their development environments, according to Cohen.
Asked about the potential for resistance from those large companies, or from companies that are wary of more standards, Wasson and Cohen said that demand from their customers was driving them to promote the AVDL standard.
"Customers are drowning in the complexity of the application security problem," Wasson said. "Our customers are driving this. They see it as a real business solution to real business problems."