AVDL becomes a standard

Application Vulnerability Description Language (AVDL) was approved as an OASIS standard last week (see email from Karl F. Best). AVDL is an XML-based protocol for transferring vulnerability information from scanner tools to protection (or security management) systems. It has been in the draft state for some time now, and most of the big web security scanner tool vendors already support it.

Posted by ivanr at 10:20 PM

Security patterns repository

I am a great fan of security patterns. Unfortunately, they don't seem to be popular these days. I was having a particularly hard time recently finding some information I knew existed (because I read it a long time ago). I was looking for a security pattern repository that was hosted at patterns.nailabs.com. The web site is gone now but the work is still preserved here. (Update: The link does not work any more. Here are the copies I made: doc 1, doc 2, doc 3.) The main document consists of 166 pages and documents 29 patterns. Recommended reading!

Posted by ivanr at 11:05 PM