AVDL Committee Draft is out
This morning I got news of AVDL becoming a Committee Draft; you can get it here. AVDL (Application Vulnerability Desciription Language) wants to establish a standard communication protocol between entities with different roles, involved in application vulnerability discovery, management, and protection. Web security scanner tools we have today do a good job with shiny reports but AVDL is aiming to have those results fed automatically into your security management system. What you do from there is your problem. However, while your overworked employees are trying to find the time to fix the problem, you can have an automated protection tool (such as mod_security) protect the vulnerable application automatically.