Opsware Inc. (NASDAQ:OPSW), the leading provider of Data Center
Automation software, today announced compatibility certification with
Open Vulnerability and Assessment Language (OVAL), based on Opsware's
ability to convert OVAL information alerts into actionable policies
distributed to customers by The Opsware Network, Opsware's compliance
and vulnerability subscription service.
OVAL is an international information security community standard
to promote open and publicly available security content, and to
standardize the transfer of this information across the entire
spectrum of security tools and services. The Opsware Network supports
and publishes OVAL vulnerability definitions, and within 24 hours can
generally translate the vulnerability advisories into actionable
policies that integrate seamlessly into the Opsware Server Automation
System. This powerful and proactive approach to security enables
customers to eliminate security gaps within and protect servers from
outside threats that could potentially wreak havoc on a customer's
business.
Opsware automates what has traditionally been a manual process for
managing vulnerabilities that impact today's IT organization and that
is typically sourced by individual feeds from multiple data sources.
This effort is tedious, time-consuming, and can often result in a
costly and compromised IT environment. Through support of the OVAL
platform, Opsware leverages the power of the OVAL community to ensure
a thorough, complete and accurate understanding of emerging threats
and vulnerabilities that impact today's IT environments. Opsware
currently supports 1,816 OVAL vulnerability definitions which cover
1,145 vulnerabilities.
"OVAL is committed to providing security experts with a common
language to discuss the technical details of how to maintain
consistent, secure systems," said Andrew Buttner, MITRE Senior INFOSEC
Engineer and OVAL Compatibility Lead. "The OVAL Compatibility Program
ensures that a wide range of tools and services can seamlessly
exchange security data in OVAL's standard formats. In becoming
certified OVAL Compatible, The Opsware Network and Server Automation
System are advancing the state of the art in information security
through transparent interoperability with other OVAL Compatible tools
and services."
After downloading OVAL-based policies from The Opsware Network,
the Server Automation System immediately applies the policies, saving
valuable time and eliminating the need to manually build policies
based on vendor-specific alerts. If vulnerability definitions are not
available from the OVAL community, Opsware creates its own definitions
to ensure potential vulnerabilities are addressed. The end result is a
rapid assessment of vulnerability impact and a dramatic reduction in
the vulnerability window.
"Opsware is proud to support OVAL, the leading open standard for
security content," said Tim Howes, EVP of Research & Development and
CTO at Opsware Inc. "With our OVAL-certified automation products,
customers can now leverage the power of the open, community-based OVAL
standard in protecting their IT environments. OVAL-described
vulnerabilities can now be detected, audited, and remediated
automatically, saving customers time and money, and reducing the risk
to their businesses."
OVAL is one of several standards in The Security Content
Automation Protocol developed by several U.S. government
organizations. For more information on Opsware's work with OVAL,
please visit: http://www.opsware.com/products/oval.php.
About OVAL(TM)
Open Vulnerability and Assessment Language (OVAL) is an
international, information security, community standard to promote
open and publicly available security content, and to standardize the
transfer of this information across the entire spectrum of security
tools and services. OVAL includes a language used to encode system
details and an assortment of content repositories held throughout the
community. The language standardizes the three main steps of the
assessment process: representing the configuration information systems
for testing; analyzing the system for the presence of the specified
state; and reporting the results of this assessment. The repositories
are collections of publicly available and open content that utilize
the language.
About Opsware Inc. (NASDAQ:OPSW)
Opsware, the world's leading IT automation company, unlocks the
promise of technology by accelerating IT to zero latency. The
company's software, the Opsware System, automates the entire data
center, from provisioning to patching, configuration to compliance and
discovery to deployment, turning data center operations into a
competitive advantage for business. Opsware's technology is used by
hundreds of companies worldwide including banks, service providers,
retailers, manufacturers and Internet companies with IT environments
ranging from hundreds to tens of thousands of servers, network
devices, storage devices and IT processes. For more information on
Opsware Inc., please visit our Web site at www.opsware.com.
Opsware is a service mark and trademark of Opsware Inc. All other
product names, service marks, and trademarks mentioned herein are
trademarks of their respective owners.