Dinis-
AVDL v1.0 was adopted as an OASIS standard and has been
implemented in
several products. The products I am aware of are SPI
Dynamics WebInspect,
Nikto, and the NetContinuum WAF.
In addition to http://www.avdl.org,
information on AVDL can be found at:
http://www.oasis-open.org/committees/tc_home.php?
wg_abbrev=avdl
The public database for AVDL never materialized, but, as you
mentioned,
would be very beneficial in the adoption and usage of this
standard.
The AVDL committee was disbanded last year due to lack of
participation in
future standards efforts and was officially closed by OASIS
in January 2006.
There was an effort underway to develop AVDL v2.0, but we
were unable to
obtain the required participation from 3 vendors. I was the
last Chair of
the OASIS AVDL committee.
If there's interest (and the required vendor commitment) in
starting this
back up, please contact me.
-Kurt
Kurt R. Roemer
VP & Chief Technology Officer
NetContinuum, Inc.
847-420-7846 Mobile
kroemer netcontinuum.com
http://www.netcontinuum.c
om
-----Original Message-----
From: Dinis Cruz [mailto:dinisddplus.net]
Sent: Tuesday, May 09, 2006 5:16 PM
To: webappsecsecurityfocus.com; websecuritywebappsec.org
Subject: [WEB SECURITY] What is the status of AVDL
Ok, so I can see from www.advl.org and Oasis that the AVDL
standard was
published in 2004.
My question are
1) What is the status of this standard?.
2) Who has adopted it on current versions of their
product?
3) Is there a public database of AVDL?
4) How are the different AVDL users synchronizing the:
Title,
Summary
Classification name
Classification score (i..e the Risk rating)
A public database (of AVDL items) looks like a very
important piece of
the puzzle and it would be very useful it does exist
somewhere.
Dinis Cruz
Owasp .Net Project
www.owasp.net
- Sponsored Advertisement
--------------------------------------------------
The Software Security Summit is the only event that
addresses security
issues at the application development level. Join us Jun
5-7, Baltimore, MD.
http://www.s-3con.com
------------------------------------------------------------
----------------
The Web Security Mailing List
http://ww
w.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
h
ttp://www.webappsec.org/lists/websecurity/archive/
------------------------------------------------------------
-------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security
Assessment
With the rapid rise in the number and types of security
threats, web
application security assessments should be considered a
crucial phase in
the development of any web application. What methodology
should be
followed? What tools can accelerate the assessment process?
Download this whitepaper today!
https://www.watchfire.com/securearea/whi
tepapers.aspx?id=701300000007t9h
------------------------------------------------------------
--------------
|