OVAL is an international community standard to promote open and publicly available security content, and to standardize the transfer of this information in security tools and services.

Cisco PSIRT continues to publish Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS security advisories. OVAL speeds up information exchange and processing of such security-related information. Using OVAL security administrators and other users can accelerate the process of detecting software vulnerabilities in Cisco IOS Software. OVAL content (often called “definitions”) can be downloaded directly from Cisco IOS security advisories. Each Cisco IOS security advisory includes a link to the corresponding OVAL definition(s). You can also download OVAL definitions from Cisco’s OVAL Repository.

Cisco has added an RSS feed for customers to be able to download and subscribe to new OVAL definitions for Cisco IOS Software vulnerabilities.

References:

• Cisco Security Blogs about OVAL
• Security Automation Using OVAL Whitepaper
• Cisco IOS OVAL Content: Frequently Asked Questions
• CIS OVAL Website
• How to Use Cisco IOS OVAL Machine Readable Content with jOVAL