Open Vulnerability and Assessment Language
OVAL is a standardized language for describing how to check a system's state, such as whether a specific patch is installed or a vulnerable configuration exists. Security scanners use OVAL definitions to test machines the same way regardless of vendor, making assessment results consistent and comparable. Originally created by MITRE, it is now maintained by the Center for Internet Security and is a core component of SCAP.