Customers should ultimately
be given the benefit of interoperability between all vendors in each
category of the application security lifecycle, allowing them to
select those products that offer the most useful functionality for
their unique and individual requirements.

AVDL Benefits Throughout the Application Lifecycle:

Developers and Quality Assurance
During the application development and testing phases, AVDL will serve
as a standard language used by developers and QA testers to identify
and remediate pre-production risks. Finding and correcting security
defects early in the application lifecycle is a proven method of
overall cost reduction.

Security Operations
During the application production phase, AVDL will improve the responsiveness
and effectiveness of attack prevention products by enabling them
to read incoming AVDL files and automatically generate policies
based on new vulnerabilities, attack activity or patches deployed.
In addition to vulnerabilities discovered by application assessment/scanning
products, AVDL descriptions will also be added directly to security
alerts issued by application vendors and security research organizations.
These AVDL inputs will also serve as a consistent communication
mechanism for remediation and patching products, allowing them
to read vulnerability assessments from different scanning tools.
This improves the vulnerability reporting process and supports
appropriate vulnerability remediation. Event management tools will be able
to correlate vulnerabilities with actual security events and prioritize
accordingly.

Auditors
In post-production, auditors will spend less time understanding various
reports from disparate sources and more time documenting their
findings. Ultimately, customers will benefit from both reduced
application security risk and decreased total cost of operations
and ownership.