By Antone Gonsalves ,
Security vendors on Monday unveiled a proposed standard that would enable their products to communicate with one another, giving enterprises the option of mixing products rather than buying application suites from one vendor.
The application vulnerability description language, or AVDL, was announced at the security-focused RSA Conference in San Francisco.
The Organization for the Advancement of Structured Information Standards, an international standards body known as OASIS, has established a technical committee for developing AVDL. The committee, which is scheduled to hold its first meeting May 15, is expected to release a final AVDL specification by the fourth quarter of this year.
Four categories of security software could use AVDL for communications: assessment tools, firewalls, patch management, and reporting applications. AVDL would define in extensible markup language (XML) the information each tool could use in coordinating network protection.
For example, an assessment tool that locates an application vulnerability could pass that information to the firewall, so it could block an intruder from taking advantage of the potential security breach. In addition, the information could be sent to a reporting tool that notifies the network administrator of the problem.
While the XML file could contain information related to several security products, each application would parse the file to extract only relevant information, said Brian Cohen, chief executive of Atlanta-based SPI Dynamics. SPI Dynamics joined Citadel Security Software, GuardedNet, NetContinuum, and Teros in submitting the standard proposal to OASIS.
For enterprises, AVDL would give the option of mixing software from several vendors, instead of buying a product suite from one company, Ronald Schmelzer, analyst for high-tech researcher ZapThink LLC, said. "For the people actually buying these tools, the benefits they're going to see is that they're going to have increased choice among vendors," he said.
While not directly related to security issues pertaining to web services, AVDL may become helpful in dealing with new vulnerabilities related to the emerging technologies. "I would argue that Web services will probably introduce quite a few [new vulnerabilities]," Schmelzer said.
Try TechWeb's RSS Feed!UCLA seeking Programmer/Analyst IV in Los Angeles, CA
Transportation Security Administration seeking CIO in Arlington, VA
Comcast seeking Tier 4 CRAN Network Engineer in Chelmsford, MA
SMDC Health System seeking Applications System Analyst 3 in Duluth, MN
ISES, Inc. seeking Techncial Support in Bridgewater, NJ
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
