Scope on Application Vulnerability Description Language
by Berislav Kucan - Thursday, 25 November 2004.
The Application Vulnerability Description Language (AVDL) is a rather new security interoperability standard within the Organization for the Advancement of Structured Information Standards (OASIS) that was first proposed in April 2003 by several leaders within the application security space. AVDL creates a uniform way of describing application security vulnerabilities using XML.
Caleb Sima, SPI Dynamics CTO, talks to Help Net Security about this interesting web application security topic. Some of the questions you can get answers to by listening to the audio include:
When and why was AVDL introduced
Who should care about AVDL
Is there a need for similiar concepts or AVDL is the thing
What vendors participate in AVDL
Would other vendors benefit from participating in AVDL
Is AVDL a success at this point
The audio session is 8:17 minutes long and is streamed in Flash format. If you can't see the controls below, download Flash here.
Posted on 17 April 2014. | Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.
Posted on 17 April 2014. | More effective collaboration between government and the infosec industry is crucial to protecting organizations from cyber threats. More work needs to be done to strengthen government’s position as a source of information on potential threats.
Posted on 16 April 2014. | A new study exposes a severe gap in security visibility between C-level executives and IT security staff. 60% of IT security staff are informing executives of specific risks only when the risk is deemed serious, or not at all – and in more than half of the cases, actively omitting negative facts.
Posted on 14 April 2014. | Tom Quillin is the Director of Cyber Security Technology and Initiatives at Intel Corporation. In this interview he talks about security innovation, current and future threats.