Opsware Announces OVAL Security Compatibility


    Opsware Inc. (NASDAQ:OPSW), the leading provider of Data Center
    Automation software, today announced compatibility certification with
    Open Vulnerability and Assessment Language (OVAL), based on Opsware's
    ability to convert OVAL information alerts into actionable policies
    distributed to customers by The Opsware Network, Opsware's compliance
    and vulnerability subscription service.

    OVAL is an international information security community standard
    to promote open and publicly available security content, and to
    standardize the transfer of this information across the entire
    spectrum of security tools and services. The Opsware Network supports
    and publishes OVAL vulnerability definitions, and within 24 hours can
    generally translate the vulnerability advisories into actionable
    policies that integrate seamlessly into the Opsware Server Automation
    System. This powerful and proactive approach to security enables
    customers to eliminate security gaps within and protect servers from
    outside threats that could potentially wreak havoc on a customer's
    business.

    Opsware automates what has traditionally been a manual process for
    managing vulnerabilities that impact today's IT organization and that
    is typically sourced by individual feeds from multiple data sources.
    This effort is tedious, time-consuming, and can often result in a
    costly and compromised IT environment. Through support of the OVAL
    platform, Opsware leverages the power of the OVAL community to ensure
    a thorough, complete and accurate understanding of emerging threats
    and vulnerabilities that impact today's IT environments. Opsware
    currently supports 1,816 OVAL vulnerability definitions which cover
    1,145 vulnerabilities.

    "OVAL is committed to providing security experts with a common
    language to discuss the technical details of how to maintain
    consistent, secure systems," said Andrew Buttner, MITRE Senior INFOSEC
    Engineer and OVAL Compatibility Lead. "The OVAL Compatibility Program
    ensures that a wide range of tools and services can seamlessly
    exchange security data in OVAL's standard formats. In becoming
    certified OVAL Compatible, The Opsware Network and Server Automation
    System are advancing the state of the art in information security
    through transparent interoperability with other OVAL Compatible tools
    and services."

    After downloading OVAL-based policies from The Opsware Network,
    the Server Automation System immediately applies the policies, saving
    valuable time and eliminating the need to manually build policies
    based on vendor-specific alerts. If vulnerability definitions are not
    available from the OVAL community, Opsware creates its own definitions
    to ensure potential vulnerabilities are addressed. The end result is a
    rapid assessment of vulnerability impact and a dramatic reduction in
    the vulnerability window.

    "Opsware is proud to support OVAL, the leading open standard for
    security content," said Tim Howes, EVP of Research & Development and
    CTO at Opsware Inc. "With our OVAL-certified automation products,
    customers can now leverage the power of the open, community-based OVAL
    standard in protecting their IT environments. OVAL-described
    vulnerabilities can now be detected, audited, and remediated
    automatically, saving customers time and money, and reducing the risk
    to their businesses."

    OVAL is one of several standards in The Security Content
    Automation Protocol developed by several U.S. government
    organizations. For more information on Opsware's work with OVAL,
    please visit: http://www.opsware.com/products/oval.php.

    About OVAL(TM)

    Open Vulnerability and Assessment Language (OVAL) is an
    international, information security, community standard to promote
    open and publicly available security content, and to standardize the
    transfer of this information across the entire spectrum of security
    tools and services. OVAL includes a language used to encode system
    details and an assortment of content repositories held throughout the
    community. The language standardizes the three main steps of the
    assessment process: representing the configuration information systems
    for testing; analyzing the system for the presence of the specified
    state; and reporting the results of this assessment. The repositories
    are collections of publicly available and open content that utilize
    the language.

    About Opsware Inc. (NASDAQ:OPSW)

    Opsware, the world's leading IT automation company, unlocks the
    promise of technology by accelerating IT to zero latency. The
    company's software, the Opsware System, automates the entire data
    center, from provisioning to patching, configuration to compliance and
    discovery to deployment, turning data center operations into a
    competitive advantage for business. Opsware's technology is used by
    hundreds of companies worldwide including banks, service providers,
    retailers, manufacturers and Internet companies with IT environments
    ranging from hundreds to tens of thousands of servers, network
    devices, storage devices and IT processes. For more information on
    Opsware Inc., please visit our Web site at www.opsware.com.

    Opsware is a service mark and trademark of Opsware Inc. All other
    product names, service marks, and trademarks mentioned herein are
    trademarks of their respective owners.