Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share
  • icon

Vendors Pitch Application-Security Spec


AVDL will be designed to provide a standard way for application vulnerabilities to be defined and classified.

By George V. Hulme
InformationWeek
April 14, 2003 06:45 PM

IT security pros are aware that hackers and data thieves are increasingly targeting software vulnerabilities that traditional intrusion-detection systems, firewalls, and antivirus software do little to defend against. To thwart the growing threats, more companies have been turning to various security products to get the job done: patch-management applications to push software updates across the network; application and vulnerability scanners to find security holes; and application firewalls to block attacks waged against Web apps.

A small group of Internet security companies have an idea they hope will make it easier for administrators to lock down their apps. The group has proposed the Application Vulnerability Description Language to the standards group Oasis. AVDL, based on XML, will be designed to provide a standard way for application vulnerabilities to be defined and classified so all of the applications companies use to secure their apps will speak the same language when it comes to security threats.

More Software Insights

White Papers

Webcasts

Reports

Videos


The company says its 15 on-demand business applications are just the starting point for customizing and building your own tools. Business Guru C.K. Prahalad Talks About What Innovation Means, How Technology Vendors Can Help, And What IT Can Do To Continue Its Own Innovative Practices InformationWeek's John Foley speaks with Cloud9 Analytics' President and CEO, Swayne Hill. Cloud9 Analytics has developed a set of analytic applications for customers of salesforce.com
InformationWeek's John Foley speaks with Cloud9 Analytics' President and CEO, Swayne Hill. Cloud9 Analytics has developed a set of analytic applications for customers of salesforce.com
The group, founded by Citadel Security Software, GuardedNet, NetContinuum, SPI Dynamics, and Teros, hopes to have version 1.0 of the spec completed by year's end. The first full meeting of the Oasis technical committee is slated for May 15.

If it works as promised, AVDL would help security pros better react to newfound software vulnerabilities and attacks, says Pete Lindstrom, research director for Spire Security. Eric Ogren, senior analyst at the Yankee Group, agrees. "This is a good idea to better help companies manage risks to the application security," he says.

The group says that with AVDL, application vulnerability-assessment tools, such as those provided by SPI Dynamics, will be better able to better report on the state of application security throughout an organization at any point in time. Security event managers, such as those made by GuardedNet, will be able to better correlate security problems found in applications with actual security attacks and related events.

Gene Banman, CEO for NetContinuum, which makes network- and application-security appliances, says the developments shows that the application-security market is beginning to mature. The standard will let all security companies focusing on Web apps help customers better secure their apps, he says. "By having a standard protocol for which we can communicate information about vulnerabilities," Banman says, "application intrusion-prevention tools will be able to better understand a company's applications vulnerabilities and then set security policies based on the specific vulnerabilities that we found by these assessment tools."


Subscribe to RSS


Advertisement

CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center





Subscription Info
Apply for a free 52-week subscription to InformationWeek (a $199 value)

Last Name:

First Name:

Title:

Company Name:

City:

Business Address:

Zip:

State:

Email Address:

NOTE: Offer valid for U.S., U.S. possessions, & Canada only

            

Join economist Chris Cornell and 3 CIOs in an Exclusive Online Exchange for Senior IT Executives: Using IT to Drive Value in a Turbulent Economy. November 5th only.