WebApp Sec mailing list archives
RE: [WEB SECURITY] What is the status of AVDL
From: "Kurt R. Roemer" <kroemer () netcontinuum com>
Date: Wed, 10 May 2006 07:38:43 -0500
Dinis- AVDL v1.0 was adopted as an OASIS standard and has been implemented in several products. The products I am aware of are SPI Dynamics WebInspect, Nikto, and the NetContinuum WAF. In addition to http://www.avdl.org, information on AVDL can be found at: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=avdl The public database for AVDL never materialized, but, as you mentioned, would be very beneficial in the adoption and usage of this standard. The AVDL committee was disbanded last year due to lack of participation in future standards efforts and was officially closed by OASIS in January 2006. There was an effort underway to develop AVDL v2.0, but we were unable to obtain the required participation from 3 vendors. I was the last Chair of the OASIS AVDL committee. If there's interest (and the required vendor commitment) in starting this back up, please contact me. -Kurt Kurt R. Roemer VP & Chief Technology Officer NetContinuum, Inc. 847-420-7846 Mobile kroemer () netcontinuum com http://www.netcontinuum.com -----Original Message----- From: Dinis Cruz [mailto:dinis () ddplus net] Sent: Tuesday, May 09, 2006 5:16 PM To: webappsec () securityfocus com; websecurity () webappsec org Subject: [WEB SECURITY] What is the status of AVDL Ok, so I can see from www.advl.org and Oasis that the AVDL standard was published in 2004. My question are 1) What is the status of this standard?. 2) Who has adopted it on current versions of their product? 3) Is there a public database of AVDL? 4) How are the different AVDL users synchronizing the: Title, Summary Classification name Classification score (i..e the Risk rating) A public database (of AVDL items) looks like a very important piece of the puzzle and it would be very useful it does exist somewhere. Dinis Cruz Owasp .Net Project www.owasp.net - Sponsored Advertisement -------------------------------------------------- The Software Security Summit is the only event that addresses security issues at the application development level. Join us Jun 5-7, Baltimore, MD. http://www.s-3con.com ---------------------------------------------------------------------------- The Web Security Mailing List http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/ ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h --------------------------------------------------------------------------
Current thread:
- What is the status of AVDL Dinis Cruz (May 10)
- RE: [WEB SECURITY] What is the status of AVDL Kurt R. Roemer (May 10)