A group of application security vendors affiliated with the Organization for the Advancement of Structured Information Standards (OASIS) will next week announce a proposal for an XML standard for application vulnerabilities. The announcement will be made at the RSA Conference being held in San Francisco.

The group, made up of Citadel Security Software, GuardedNet, NetContinuum, SPI Dynamics and Teros, is promoting the development of the Application Vulnerability Description Language (AVDL), which is intended to standardize information about application vulnerabilities, enabling different products to share vulnerability information in a heterogenous network environment, according to a statement released by the five companies.

The AVDL group submitted its idea to OASIS for study. In turn, OASIS has created a technical committee to develop an XML definition for exchanging information on the security vulnerabilities of applications exposed to networks.

A draft specification from the AVDL Technical Committee is scheduled for September, with a final specification due in December, according to OASIS.

If widely adopted, the AVDL standards will enable customers to deploy diverse "best of breed" security technology to protect their network without having to sacrifice integration and interoperability, according to Wes Wasson, chief security strategy officer at NetContinuum.

Though initially intended to foster interoperability among the products of the five sponsoring companies, AVDL has the potential to be adopted by additional product platforms and to move further up the development chain, according to Brian Cohen, CEO of SPI Dynamics.

AVDL backers hope that development platform vendors and OASIS members such as Microsoft, BEA Systems and IBM will join the AVDL Technical Committee and help shape the development of the AVDL standard so that it can be easily integrated with their development environments, according to Cohen.

Asked about the potential of resistance from those large companies, or from companies that are wary of more standards, Wasson and Cohen said that demand from their customers was driving them to promote the AVDL standard.

"Customers are drowning in the complexity of the application security problem," Wasson said. "Our customers are driving this. They see it as a real business solution to real business problems."

The IDG News Service is a Network World affiliate.

Whitepapers

• Secure Wireless Printing Options
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• The Latest Advancements in SSL Technology
• Selecting Effective Virtual Directories

View more SOFTWARE whitepapers

Webcasts

• Managing the End User Experience-A Real World Example of Success
• Lowering the Cost of Email Archives
• Google Webcast: Why archive email? Top challenges and best practices
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SOFTWARE webcasts

Special Reports

• WAN Optimization: The Ultimate No Brainer
• Keeping Spam at Bay
• Application Performance Management Executive Guide
• Executive Guide: Building a Service Oriented Architecture
• Executive Guide: Virtualization Reality Check
• IT Buyers Guide To: Collaboration

View more SOFTWARE special reports