What is the Open Vulnerability and Assessment Language (OVAL)?

Document created by osantos on Oct 27, 2015
Version 1Show Document
  • View in full screen mode

OVAL is an international community standard to promote open and publicly available security content, and to standardize the transfer of this information in security tools and services.


Cisco PSIRT continues to publish Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS security advisories. OVAL speeds up information exchange and processing of such security-related information. Using OVAL security administrators and other users can accelerate the process of detecting software vulnerabilities in Cisco IOS Software. OVAL content (often called “definitions”) can be downloaded directly from Cisco IOS security advisories. Each Cisco IOS security advisory includes a link to the corresponding OVAL definition(s). You can also download OVAL definitions from Cisco’s OVAL Repository.

Cisco has added an RSS feed for customers to be able to download and subscribe to new OVAL definitions for Cisco IOS Software vulnerabilities.