OASIS addressed another layer of security concerns around Web services Wednesday when it ratified the Application Vulnerability Description Language (AVDL) 1.0 as a standard, the organization's highest level of ratification.

AVDL is an XML schema that enables security products to communicate information about new and existing Web application vulnerabilities between themselves, according to AVDL Technical Committee co-chairman Kevin Heineman.

"This is plugging a pretty big need," said Heineman, who is also the vice president of engineering services at application security software and service provider SPI Dynamics Inc. of Atlanta.

SPI Dynamics products are already AVDL compliant, as are similar offerings from NetContinuum Inc. of Santa Clara, Calif., which sells application security gateway software, and Citadel Security Software Inc. of Dallas, which sells vulnerability management software. NetContinuum and Citadel also have representatives on the AVDL TC.

Research firm Gartner Inc. said close to 80 new application vulnerabilities are announced every week. The AVDL spec takes a step toward reducing the threat posed by the rapidly closing window between the time a vulnerability is announced and when hackers have an exploit ready.

"In the past, there was no good way for customers to do assessments of Web applications to find vulnerabilities and act on them," Heineman said. "With AVDL, customers can now have a seamless way to find vulnerabilities."

The link for this article located at techtarget.com is no longer available.