David Solin is the chief architect for Joval and a co-founder of JovalCM’s parent company, Farnam Hall Ventures LLC.
Prior to joining JovalCM, he was Chief Architect for Service Automation at BMC Software, where he led a global team responsible for overall software design and the technical road-map for five product families accounting for $200M in annual sales. He was also the lead architect for BMC’s first Cloud Lifecycle Management solution, and a member of BMC’s Office of the CTO.
David joined BMC with the Marimba acquisition in 2004. At Marimba, he held a range of positions in the professional services and sales organizations before becoming a member of Marimba’s Office of the CTO. He was instrumental in the genesis, design and development of Marimba’s server and patch management products.
Prior to joining Marimba, David worked at the Defense Information Systems Agency (DISA) and the International Telecommunications Satellite Organization (INTELSAT). He holds a bachelors degree in mathematics from Yale University, and has authored seven issued and two pending US patents.
David leads Joval’s business development efforts and is a co-founder of JovalCM’s parent company, Farnam Hall Ventures LLC.
Prior to joining JovalCM, David co-founded Edit.com where he served as CTO for two years and COO for five years. As CTO, David designed Edit.com’s patented and proprietary content management and operational support systems. After pivoting the company from a SaaS CMS provider to a technology-enabled website services provider, he was promoted to COO where he developed Edit.com’s standardized service delivery model, led the development of a technology platform to support it and built a specialized service organization to operate it. As a founder and board member, David played a large role in securing three rounds of financing for the company as well as creating and executing the company’s marketing, sales, and business development strategies.
Prior to Edit.com, David spent four years as a business process analyst and web application developer for operations, IT and new media departments at Christies, Pfizer, and other enterprise clients. Previously, he produced 35 commercial musicals across the Midwest. David received a B.A. in History from Yale University and has one issued and one pending patent.
The OVAL community met a major milestone by completing its first independent release of the OVAL language since the transition from MITRE. OVAL 5.11.2 features over 70 changes and enhancements to the language, and the release effort was spearheaded by Joval’s own David Solin, who volunteered on behalf of the community to implement and categorize the issue back-log.
JovalCM announces general availability of version 5.11.1-3 of the Joval product suite, which includes numerous bug fixes, improved performance for remote Windows scanning, support for the SCAP validation suite v18.104.22.168 and support for RHEL on IBM System Z mainframes.
JovalCM ships version 5.11.1-2, featuring a number of bug fixes and minor enhancements.
JovalCM ships version 5.11.1-1, featuring support for the over 40 new test types found in OVAL version 5.11.1. Included are the new Cisco IOS-XE and Cisco ASA schemas, many formerly experimental tests in their new (official) namespaces, and new OVAL language functions and datatypes. Numerous connectivity and resilience enhancements, such as the ability to scan Windows devices through SSH gateways, are also included.
David Ries, Joval co-founder, presents on Community-Driven Automation Standards at the 2015 Cybersecurity Innovation Forum in Washington, D.C.
Canonical announced its automatically-generated OVAL repository of Ubuntu vulnerability data. OVAL content is generated continuously (i.e., as soon as it is made available) for the Precise (12.04) and Trusty (14.04) Ubuntu versions. The automation scripts were prototyped by the JovalCM team and donated to Canonical to enable this effort.
In collaboration with the Center for Internet Security (CIS), ThreatGuard, Qualys, and the OVAL Board and with the support of MITRE and The Department of Homeland Security, the JovalCM team helped launch the new CIS-sponsored OVAL Repository. Our team played a leading role in designing the GitHub repository and implementing the maintenance and packaging tools.
The OVAL governing board officially released version 5.11.1 of the OVAL language. This release includes a large number of bug-fixes that the JovalCM team determined were required to successfully implement the language, particularly focusing on the Cisco IOS, IOS-XE and ASA schemas.
JovalCM ships version 22.214.171.124c, featuring proven drop-in readiness for the NIST SCAP 1.2 certification program. This new release includes many performance and scalability enhancements, including new tests specifically for MacOS X and Debian-based Linux distributions, and a new set of command-line utilities for Enterprise and Developer Edition customers.
JovalCM’s proposal for a Linux APT (Advanced Packaging Technology) test has been accepted into the official OVAL Sandbox. This new test adds simplified patch management assessment delegation to native facilities for Ubuntu-based Linux distributions.
The OVAL governing board officially released the much-awaited version 5.11 of the OVAL language. This release includes a large number of new tests and schemas that were proposed by the JovalCM team, including the NETCONF and Juniper JunOS schemas, Windows License and System Metric tests, Unix Symlink test and nine new MacOS tests — effectively doubling the capabilities of the MacOS schema.
Version 126.96.36.199b is released, featuring SQL database support.
Cisco showcases Joval Professional Edition in a security automation webinar.
Joval Professional is released! “Pro” is a desktop application that includes a full GUI for: target and credential management; local and remote scanning; and results display. It is intended for content authors and ad hoc scanning.
Joval accepts the invitation of the OVAL community to join the OVAL language board.
Omar Santos of Cisco’s PSIRT team hosts Cisco’s Automating Cisco IOS Software Vulnerability webinar in which Joval is presented as a robust solution for Cisco IOS scanning.
Version 188.8.131.52a is released, featuring performance and reliability enhancements.
Version 184.108.40.206 is released, adding support for XCCDF, ARF, digital signatures and full coverage for the Windows and Linux SCAP 1.2 certification tests.
Cisco’s PSIRT team adopts Joval to test and validate their OVAL content and features Joval in Cisco’s white-paper on OVAL scanning.
Joval presents new schemas for NETCONF and JunOS at MITRE Developer Days.
The Joval team announces the immediate availability our fully-featured enterprise OCIL engine and demo’s it to the community at Mitre SCAP Developer Days. Check out our online demo at gOCIL.org.
Version 220.127.116.11 is released, adding support for IBM AIX, Apple Mac OSX and complete support for Cisco IOS.
Joval announces the beta of Patch-Service.com, a data feed and SDK for OVAL-based patch assessment, packaging and application. The beta offers comprehensive support for Windows, including over 500,000 OVAL definitions!
GCP Global licenses Joval for its ORCA® GRC suite.
Joval is now an officially-recognized OVAL adopter.
Joval becomes the first to implement Windows_View functionality with Alpha release A.5.10.1.
Joval SCAP engine featured in the OVAL newsletter.
Farnam Hall Ventures LLC green-lights the Joval project.