OpenVAS 2.0 Begins Public Beta Phase

Posted by mwiegand on Oct 15, 2008 8:07 PM EDT
OpenVAS Project; By Michael Wiegand 		Mail this story
Print this story

In late September 2008, the OpenVAS developer team released the 2.0-beta1 version of OpenVAS, the Open Vulnerability Assessment System for network security scanning.
The intended audience for this beta release are experienced users interested in upcoming features as well as developers of vulnerability checks.

The new version introduces first steps towards support for OVAL, the Open Vulnerability and Assessment Language. OVAL is an international, information security, community standard to promote open, standardized and publicly available security content.
The OpenVAS server can now execute OVAL files just like its own Network Vulnerability Tests (NVTs) by using the OVAL definitions interpreter "ovaldi". While the plain ovaldi tool can only check local systems where it is installed, the combination with OpenVAS enables it to test any target system for which OpenVAS has collected information. The beta1 release offers sample support for Red Hat Enterprise Linux security announcements which are provided as OVAL definitions.



Major internal changes include the cleaned and extended protocol for client-server communication (OTP) and the transition to the new OID-based scheme for unique IDs of vulnerability tests. The switch from the NTP inherited from Nessus to OTP was necessary due to security and design considerations.



The OpenVAS (NVTs) remain compatible with both the 1.0 and 2.0 series of OpenVAS. This also means that the free OpenVAS NVT feed service (which has recently extended to deliver the full range of NVTs, grown to over 5000 available NVTs) is also compatible for both release series. The switch from NTP to OTP does not affect NVTs already in existance. This means NVTs written in NASL continue to be fully supported by OpenVAS. There is no need to make changes to your old NASL scripts -- unless you want to use the new features.



The first release candidate of the new OpenVAS Compendium has been made available in PDF and HTML format for final reviews and as a base for translation into other languages (a translation to German is already in progress) as well.



The OpenVAS team is looking forward to feedback for the beta1 release. If you want to participate in the beta phase by sharing your experience with beta1 or if you have any questions, please feel free to use the public mailing lists or visit us in our IRC online chat.

Full Story

  Nav
» Read more about: Story Type: Announcements; Groups: Community

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.