Engineering Enterprise SCAP

We are a small, engineering-oriented company narrowly focused on delivering the best standards-based configuration assessment technology in the world. Our lightweight toolkits enable ISVs, MSSPs, U.S. Federal Agencies and enterprises large and small, around the globe to scan anything from anywhere.
David A. Solin

David A. Solin

Co-Founder, Research & Technology

David Solin is the chief architect for Joval and a co-founder of JovalCM’s parent company, Farnam Hall Ventures LLC.

Prior to joining JovalCM, he was Chief Architect for Service Automation at BMC Software, where he led a global team responsible for overall software design and the technical road-map for five product families accounting for $200M in annual sales. He was also the lead architect for BMC’s first Cloud Lifecycle Management solution, and a member of BMC’s Office of the CTO.

David joined BMC with the Marimba acquisition in 2004. At Marimba, he held a range of positions in the professional services and sales organizations before becoming a member of Marimba’s Office of the CTO. He was instrumental in the genesis, design and development of Marimba’s server and patch management products.

Prior to joining Marimba, David worked at the Defense Information Systems Agency (DISA) and the International Telecommunications Satellite Organization (INTELSAT). He holds a bachelors degree in mathematics from Yale University, and has authored nine issued and one pending US patents.

David E. Ries

David E. Ries

Co-Founder, Business Development

David leads Joval’s business development efforts and is a co-founder of JovalCM’s parent company, Farnam Hall Ventures LLC.

Prior to joining JovalCM, David co-founded Edit.com where he served as CTO for two years and COO for five years. As CTO, David designed Edit.com’s patented and proprietary content management and operational support systems. After pivoting the company from a SaaS CMS provider to a technology-enabled website services provider, he was promoted to COO where he developed Edit.com’s standardized service delivery model, led the development of a technology platform to support it and built a specialized service organization to operate it. As a founder and board member, David played a large role in securing three rounds of financing for the company as well as creating and executing the company’s marketing, sales, and business development strategies.

Prior to Edit.com, David spent four years as a business process analyst and web application developer for operations, IT and new media departments at Christies, Pfizer, and other enterprise clients. Previously, he produced 35 commercial musicals across the Midwest. David received a B.A. in History from Yale University and has one issued and one pending patent.

Apr

Tanium Adds Support for JovalCM

Joval Continuous Monitoring introduces Joval™ for Tanium® Comply, an officially supported engine for Tanium Comply, empowering Tanium Comply customers to leverage Joval’s market-leading SCAP compliance and security vulnerability scanning capabilities. Contact us for details on pricing and availability.

Mar

Joval Introduces Partnership with CIS

Today Joval and the Center for Internet Security signed an agreement allowing Joval to provide CIS benchmarks directly to end-user customers. Licensed customers can now request CIS content via the support portal, to begin the certification process.

2017
Dec

OVAL 5.11.2 official release

The OVAL community met a major milestone by completing its first independent release of the OVAL language since the transition from MITRE. OVAL 5.11.2 features over 70 changes and enhancements to the language, and the release effort was spearheaded by Joval’s own David Solin, who volunteered on behalf of the community to implement and categorize the issue back-log.

May

Joval 5.11.1-3 Released

JovalCM announces general availability of version 5.11.1-3 of the Joval product suite, which includes numerous bug fixes, improved performance for remote Windows scanning, support for the SCAP validation suite v1.2.1.14 and support for RHEL on IBM System Z mainframes.

Mar

Joval Authoring Toolkit Released

JovalCM announces the immediate availability of the Joval Authoring Toolkit. The toolkit can be used by OVAL authoring teams to generate high-quality automation content from the National Vulnerability Database’s CVE XML feed.

Jan

Version 5.11.1-2 Released

JovalCM ships version 5.11.1-2, featuring a number of bug fixes and minor enhancements.

2016
Sep

Version 5.11.1-1 Released

JovalCM ships version 5.11.1-1, featuring support for the over 40 new test types found in OVAL version 5.11.1.  Included are the new Cisco IOS-XE and Cisco ASA schemas, many formerly experimental tests in their new (official) namespaces, and new OVAL language functions and datatypes. Numerous connectivity and resilience enhancements, such as the ability to scan Windows devices through SSH gateways, are also included.

Sep

2015 Cybersecurity Innovation Forum

David Ries, Joval co-founder, presents on Community-Driven Automation Standards at the 2015 Cybersecurity Innovation Forum in Washington, D.C.

Sep

Canonical Publishes OVAL Content for Ubuntu

Canonical announced its automatically-generated OVAL repository of Ubuntu vulnerability data. OVAL content is generated continuously (i.e., as soon as it is made available) for the Precise (12.04) and Trusty (14.04) Ubuntu versions. The automation scripts were prototyped by the JovalCM team and donated to Canonical to enable this effort.

Sep

OVAL Repository 2.0 Launched

In collaboration with the Center for Internet Security (CIS), ThreatGuard, Qualys, and the OVAL Board and with the support of MITRE and The Department of Homeland Security, the JovalCM team helped launch the new CIS-sponsored OVAL Repository. Our team played a leading role in designing the GitHub repository and implementing the maintenance and packaging tools.

Apr

OVAL Language Version 5.11.1 Officially Released

The OVAL governing board officially released version 5.11.1 of the OVAL language. This release includes a large number of bug-fixes that the JovalCM team determined were required to successfully implement the language, particularly focusing on the Cisco IOS, IOS-XE and ASA schemas.

Feb

Version 5.10.1.2c Released

JovalCM ships version 5.10.1.2c, featuring proven drop-in readiness for the NIST SCAP 1.2 certification program.  This new release includes many performance and scalability enhancements, including new tests specifically for MacOS X and Debian-based Linux distributions, and a new set of command-line utilities for Enterprise and Developer Edition customers.

Jan

Joval Proposes APT Test for Ubuntu Linux

JovalCM’s proposal for a Linux APT (Advanced Packaging Technology) test has been accepted into the official OVAL Sandbox.  This new test adds simplified patch management assessment delegation to native facilities for Ubuntu-based Linux distributions.

2015
Dec

OVAL Language Version 5.11 Officially Released

The OVAL governing board officially released the much-awaited version 5.11 of the OVAL language.  This release includes a large number of new tests and schemas that were proposed by the JovalCM team, including the NETCONF and Juniper JunOS schemas, Windows License and System Metric tests, Unix Symlink test and nine new MacOS tests — effectively doubling the capabilities of the MacOS schema.

Aug

Joval Proposes New Tests for MacOS, Unix Schemas

The official OVAL Sandbox published Joval’s proposals for nine new MacOS X tests, and a long-needed symlink test for the Unix schema.  These new tests are required to implement newly-available security best practices from CIS in OVAL format, pertaining to MacOS X Mavericks.

Apr

Joval Adds SQL Database Support

Version 5.10.1.2b is released, featuring SQL database support.

Apr

Cisco Showcases Joval Pro

Cisco showcases Joval Professional Edition in a security automation webinar.

2014
Dec

Joval Professional Edition

Joval Professional is released! “Pro” is a desktop application that includes a full GUI for: target and credential management; local and remote scanning; and results display. It is intended for content authors and ad hoc scanning.

Nov

Joins OVAL Governing Board

Joval accepts the invitation of the OVAL community to join the OVAL language board.

Apr

Cisco Webinar Features Joval

Omar Santos of Cisco’s PSIRT team hosts Cisco’s Automating Cisco IOS Software Vulnerability webinar in which Joval is presented as a robust solution for Cisco IOS scanning.

Apr

5.10.1.1a: Stronger & Faster

Version 5.10.1.1a is released, featuring performance and reliability enhancements.

Feb

5.10.1.1: SCAP 1.2 Validation Ready

Version 5.10.1.1 is released, adding support for XCCDF, ARF, digital signatures and full coverage for the Windows and Linux SCAP 1.2 certification tests.

2013
Sep

Joval Powers Cisco's SCAP Initiatives

Cisco’s PSIRT team adopts Joval to test and validate their OVAL content and features Joval in Cisco’s white-paper on OVAL scanning.

Jul

Joval Pioneers NETCONF & JunOS Support

Joval presents new schemas for NETCONF and JunOS at MITRE Developer Days.

Jul

Enterprise OCIL Has Arrived

The Joval team announces the immediate availability our fully-featured enterprise OCIL engine and demo’s it to the community at Mitre SCAP Developer Days. Check out our online demo at gOCIL.org.

Feb

Joval 5.10.1.0: Dramatically Expanded Platform Support

Version 5.10.1.0 is released, adding support for IBM AIX, Apple Mac OSX and complete support for Cisco IOS.

Feb

A New Content Toolkit for Windows Patch

Joval announces the beta of Patch-Service.com, a data feed and SDK for OVAL-based patch assessment, packaging and application. The beta offers comprehensive support for Windows, including over 500,000 OVAL definitions!

2012
Nov

First OEM

GCP Global licenses Joval for its ORCA® GRC suite.

Sep

Official OVAL Adopter

Joval is now an officially-recognized OVAL adopter.

Sep

"Windows_View" Released

Joval becomes the first to implement Windows_View functionality with Alpha release A.5.10.1.

Aug

Joval in the News(letter)

Joval SCAP engine featured in the OVAL newsletter.

Jul

First Open Source Release

The first commit of Joval Community Edition’s source code is published on Github, under the Affero GPL license terms.

May

Joval is a "Go"!

Farnam Hall Ventures LLC green-lights the Joval project.

2011