OVAL's reference interpreter shows how: information can be collected from a computer; definitions can be used to test the system for computer vulnerabilities, configuration issues, programs, and patches; and results of the tests can be presented.
OVAL is an international, information security/community standard that has been designed to:
Promote open and publicly available security content,
Standardise the transfer of this information across the entire spectrum of security tools and services.
OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardises the three main steps of the assessment process:
Representing configuration information of systems for testing;
Analysing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.);
Reporting the results of this assessment.
One of the minor drawbacks of using the Mitre OVAL framework is that it is command-line based, which can prove time consuming when scans and updates to the framework need to be performed. SSA has been designed to add a graphical front-end to this process and also provides a great deal more extensibility when utilising the framework in conjunctions with their tool.