[Openvas-plugins] Breaking up NVT Description
Matthew Mundell
matthew.mundell at greenbone.net
Mon Feb 13 13:32:37 CET 2012
> OVAL metadata schema currently has,
>
> Title <-> Overview
> Affected (platform, products) <-> Affected
> Reference (CVE, CPE, other ref's) <-> some NVT's have this, we should use
> for all
> Description <-> Insight
>
> In the new proposal, you add Immune and Solution. OVAL doesn't take care of
> the solution part, OVRL (an upcoming standard) is supposed to handle. I
> feel, we should separate the solution part as of now by adding another XML
> for solution only. The advantage of separation is that, we can add
> superseding information, For example, if App X.X is superseded by X.Y, we
> can always say upgrade to X.Y instead of X.X, if this information is
> captured in the solutions metadata.
Just an idea: how about one single tag that contains XML? The Manager can
parse the XML and this XML can be extended in the future. Perhaps even the
OVAL/OVRL XML formats could be used directly?
This could be a step towards OSP. This might also help with encoding
issues in the descriptions.
--
Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
More information about the Openvas-plugins
mailing list