A host deployed vulnerability assessment system based on OVAL

Vulnerability is a weakness which allow attacker to reduce a system's information assurance. Many security problems are caused by vulnerabilities. Part of them can be identified and assessed in virtue of vulnerability assessment tools. However, current vulnerability assessments involve in some drawbacks, such as high false positive rate, long assessing time and requirement of attack codes. Aiming at the problems above, we proposed a vulnerability assessment system based on OVAL (Open Vulnerability Assessment Language). And we optimize the assess method of OVAL definitions. Compared with traditional assessment system, and proved by our experiments it is of high accuracy, low assessing time as a result of host-deployed and OVAL. © 2010 IEEE.