Quotes from supporting industry vendors and customers

 

 

  • Cenzic, security quality assurance tools
  • CIAC, Department of Energy
  • Citadel, security remediation
  • GuardedNet, security event management
  • NetContinuum, application security gateway (co-chair, AVDL TC)
  • Qualys, on-demand network security audits
  • SPI Dynamics, application vulnerability assessment (co-chair, AVDL TC)
  • Teros, application attack prevention
  • WhiteHat, web application security software services

 


Cenzic, Inc. (www.cenzic.com), a provider of security quality assurance tools for custom applications and network infrastructures, plans to implement AVDL into its product line. “AVDL is the perfect complement to the Cenzic vision of making it easier for application security experts, network operators and QA professionals to work together,” said XX, title at Cenzic. “We are excited to see the AVDL standard reach completion on schedule, and look forward to implementing it in the Cenzic product line.”


Department of Energy – CIAC (www.ciac.org), the central security incident response organization for the Department of Energy (DOE) and National Nuclear Security Administration (NNSA), plans to AVDL-enable its new Security Incident Response Portal. “CIAC plays a vital role in monitoring daily security alerts, disseminating relevant information to our users and helping them respond quickly to new threats,” said John Dias, Senior Security Analyst at the DOE-CIAC. Unfortunately, this process is far too labor-intensive today. “To help address this growing problem, CIAC will debut a new Security Incident Response Portal this spring based on a Web Services architecture that is AVDL-aware. This will allow the CIAC Portal to automatically interpret new application security alerts published in AVDL format and disseminate this information to security managers far more quickly than is currently possible.”



Citadel Security Software (www.citadel.com) (OCTBB:CDSS), a leader in automated vulnerability remediation and policy compliance solutions, has implemented the AVDL standard in its Hercules product line. “As a provider of vulnerability remediation and policy enforcement solutions, Citadel’s goal is to offer enterprise customers a full life cycle vulnerability management solution,” said Citadel CTO Carl Banzhof. “With the introduction of AVDL 1.0, we extend our capability to provide interoperability between industry-leading network and application security technologies and our vulnerability management solutions. Private enterprise and public sector customers will benefit enormously from the greater flexibility and consistency for implementing security policies with a standard approach to managing vulnerability data.”


GuardedNet, Inc. (www.guarded.net), a provider of security event management software solutions, believes implementing AVDL will further the company’s vision of integrating best-of-breed product capabilities with the ease of use and stability expected from a single-vendor suite of products. “As providers of a security event management platform, GuardedNet is a strong proponent of standards for communicating security event data,” said Rich Telljohann, vice president of business development for GuardedNet. “We are a big supporter of the AVDL initiative and are excited to see significant progress and industry adoption of this standard.”



NetContinuum, Inc. (www.netcontinuum.com), a leading provider of application security gateways and co-chair of the OASIS AVDL TC, has already integrated AVDL into its product line. The company’s new “AVDL Recommendation Wizard” reads AVDL input and generates recommended security policies based on the AVDL input the gateway received. Users then have the option to run the policy setting in passive mode, if preferred, to “AVDL is not a difficult standard to implement,” said Jan Bialkowski, CTO of NetContinuum and co-chair of the AVDL TC. “Since most products already ‘speak’ XML, implementing AVDL is simply a matter of rearranging the XML structure to fit the AVDL schema. The TC spent nearly a year working through all the tough issues and various implementation scenarios to ensure the AVDL schema would be easy to implement. The hard work is done and AVDL is ready for broad adoption by security and application vendors, alike.”


Qualys, Inc. (www.qualys.com), the market leader of on-demand Network Security Audits and Vulnerability Management, plans to add AVDL output capabilities to its QualysGuard service. "As an early participant in the AVDL process, Qualys is excited to see this important standard near completion," said Gerhard Eschelbeck, CTO and VP of engineering of Qualys. "AVDL provides end users with a standardized way to view and share vulnerability information that will ultimately simplify the security management processes."



SPI Dynamics, Inc. (www.spidynamics.com), the expert in web application security testing and enterprise security risk management, and co-chair of the OASIS AVDL TC, has integrated AVDL 1.0 into its WebInspect product line, enabling customers to export comprehensive application vulnerability information in AVDL format. “We are pleased to see this broad-based support for the AVDL initiative from additional leading application security vendors and the larger software community,” said Caleb Sima, co-founder and CTO of SPI Dynamics. “With their assistance, our hope is to see AVDL eventually mean that every application platform, development tool and custom or packaged application within the enterprise can generate a simple AVDL file indicating the legitimate security parameters of that application. By reading these files, any AVDL-compliant security product could automatically ensure protection for each unique application, from the development phase to full production.”



Teros, Inc. (www.teros.com), the company that secures web infrastructures from application-level attacks, will be implementing AVDL into their web application firewall appliance. “A standardized approach to application vulnerability management and closer cooperation between layered security technologies gives customers flexibility in their application security choices,” said Abhishek Chauhan, co-founder and CTO of Teros. “We support AVDL and the ability for vulnerability information to be shared between multiple application and network layer security systems.”


WhiteHat Security, Inc. (www.whitehatsec.com), a leading provider of web application security software services, supports open standards like AVDL and advocates the benefits of vendor interoperability. "Every time a code change is made to a web application, there is a potential for new security vulnerabilities," said Jeremiah Grossman, CEO of WhiteHat Security. "Whether the web site is an online bank or eCommerce store, the security of the web application is paramount to the security of confidential data. Web application security is an incredibly complicated issue to manage and vendor cooperation will help customers close the window of exposure."


© All rights reserved 2004.