
Project News

See our News Archive for a complete list of OpenVAS project news.

April 25th, 2014 - OpenVAS-7 released: Unified Severity Concept and Access Control Management

Following the annual release cycle, the new generation of OpenVAS [1] has been released. The new version of the open framework for vulnerability scanning and management, OpenVAS-7, introduces a comprehensively extended and improved feature set. The main improvements were made in three domains: the user interface (for power users as well as for beginners), access control, and the module architecture.

Highlights of this new release are object tagging, the replacement of the threat view by a severity view, and a new report browser. Another major change is the introduction of access control with groups, roles and permissions. On the architectural side, two modules were dropped: the Administrator has been merged into the Manager, and the desktop client GSD has been dropped in favor of focusing on web client advances.

All in all, OpenVAS-7 ships 37 new and improved features, accompanied by countless smaller changes. The systematic improvements and reliable release of one major update every twelve months once again underline the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free of charge and is available as Free Software under the GNU GPL license.

The company Greenbone Networks [2] develops and uses OpenVAS as a base for its appliance product family for vulnerability scanning and management. Together with the company SecPod [3] and the growing community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [4] supports and utilizes OpenVAS, together with many other federal agencies, as part of their IT security framework.

OpenVAS-7 can be experienced live at the Linuxtag Conference and Exhibition in Berlin (Germany) [5] from 8th to 10th of May 2014 at the BSI booth.

Read the full announcement

April 17th, 2013 - OpenVAS-6 released: Integrated security information and integration with security tool chain

In keeping with the annual release cycle, the new generation of OpenVAS [1] has been released. The open framework for vulnerability scanning and management, OpenVAS-6, introduces a comprehensively extended and improved feature set. The main improvements were made in three domains: 1. improvements to the user interface for power users as well as for beginners, 2. comprehensive integration of international and regional security information and 3. integration with the security tool chain.

Highlights of this new release are the power filter concept and security information management. The latter not only integrates official cross-references to SCAP data directly into scan results; by integrating security data from a major German computer emergency response team, DFN-CERT [2], it also adds analysis and reporting capabilities that take regional language and a regional security focus into account. Improved scan capabilities, password policies, a scan wizard and various other elements round out the additions in this new generation of OpenVAS. Special attention was given to integration with the security tool chain via a plugin for the system monitoring family around Nagios [3] and a connector for integrating with the information security management system (ISMS) verinice.PRO [4].

All in all, 15 new features were added, accompanied by countless improvements. The systematic improvements and reliable release of one major update every twelve months once again underline the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free of charge and is available as Free Software under the GNU GPL license.

The company Greenbone Networks [5] develops and uses OpenVAS as a basis for its appliance product family for vulnerability scanning and management. Together with the companies SecPod [6], SecuritySpace [7] and the wider community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [8] supports and utilizes OpenVAS, together with many other federal agencies, as part of their IT security framework.

OpenVAS-6 can be experienced live at the Linuxtag Conference and Exhibition in Berlin (Germany) [9] from 22nd to 25th of May 2013 at the BSI booth.

Read the full announcement

August 23rd, 2012 - OpenVAS becomes OVAL Adopter

Issued as an OVAL System Characteristics Provider, OpenVAS helps to automate extensive OVAL-based scanning without overloading the scanned hosts. Anyone who works with OVAL scanning and has faced the problem of collecting the necessary system characteristics remotely across networks should give OpenVAS a try.

This functionality was originally developed for the Greenbone Security Manager by Greenbone Networks, but downloadable sample Scan Configurations and Report Format Plugins are usable with OpenVAS as well. The upcoming support for Windows Operating Systems will support the MITRE OVAL Repository (http://oval.mitre.org/repository) and the SecPod SCAP Repository (http://www.scaprepo.com).

Further links on OpenVAS OVAL Adoption are collected here: http://www.openvas.org/software.html#standards_and_interoperability

About OVAL and OVAL-SC

The Open Vulnerability and Assessment Language (OVAL) is an approach for a standardized description of the (security) state of an IT system. OVAL files describe a vulnerability and define tests to identify the state in which a system is vulnerable. They usually refer to specific versions of software products for which a known vulnerability exists.

This means that in order to check for vulnerabilities described in an OVAL definition, information about the current state of the system is needed. This information is collected in a standardized format as well -- the OVAL System Characteristics (SC).

There are a number of solutions which perform checks based on OVAL definitions and SC files. OVAL definitions are provided by various vendors. MITRE provides the OVAL Repository with more than 10,000 entries; SecPod has more than 21,000 entries.