David Solin is the chief architect for Joval Continuous Monitoring.
Prior to joining JovalCM, he was Chief Architect for Service Automation at BMC Software, where he led a global team responsible for overall software design and the technical road-map for five product families accounting for $200M in annual sales. He was also the lead architect for BMC’s first Cloud Lifecycle Management solution, and a member of BMC’s Office of the CTO.
David joined BMC with the Marimba acquisition in 2004. At Marimba, he held a range of positions in the professional services and sales organizations before becoming a member of Marimba’s Office of the CTO. He was instrumental in the genesis, design and development of Marimba’s server and patch management products.
Prior to joining Marimba, David worked at the Defense Information Systems Agency (DISA) and the International Telecommunications Satellite Organization (INTELSAT). He holds a bachelors degree in mathematics from Yale University, and has authored nine issued and one pending US patents.
David leads business development efforts for Joval Continuous Monitoring.
Prior to joining JovalCM, David co-founded Edit.com where he served as CTO for two years and COO for five years. As CTO, David designed Edit.com’s patented and proprietary content management and operational support systems. After pivoting the company from a SaaS CMS provider to a technology-enabled website services provider, he was promoted to COO where he developed Edit.com’s standardized service delivery model, led the development of a technology platform to support it and built a specialized service organization to operate it. As a founder and board member, David played a large role in securing three rounds of financing for the company as well as creating and executing the company’s marketing, sales, and business development strategies.
Prior to Edit.com, David spent four years as a business process analyst and web application developer for operations, IT and new media departments at Christies, Pfizer, and other enterprise clients. Previously, he produced 35 commercial musicals across the Midwest. David received a B.A. in History from Yale University and has one issued and one pending patent.
Today Joval Continuous Monitoring introduced the first version of its SCAP content authoring toolkit called “Slang” (Shorthand-LANGuage for SCAP). The toolkit consists of a VSCode extension and command-line tools that greatly simplify the process of creating security compliance content in SCAP format. The first release covers Windows operating systems, with a follow-on release adding Linux and macOS support planned for the first half of this year.
Joval is proud to have become the first commercial product to complete the NIST SCAP 1.3 validation program and receive an official validation record, having successfully undergone testing by an independent accredited 3rd-party laboratory. Joval’s validation record includes every platform and every capability currently included in the program, and customers who license the SCAP Validated Module may now participate in the “SCAP Inside” labeling program for their own products to meet Federal purchasing requirements.
Today Joval Continuous Monitoring released version 6.3.0 of its flagship products, the Joval SDK and Joval Utilities. This important update to the Joval Utilities includes a new host-based scan mode for resource-constrained environments, making it possible for Joval customers to fine-tune the amount of memory and CPU that will be utilized during the scanning process. New CPU usage configuration properties are also available for users of the Joval SDK.
“Our customers have been finding that some environments involving point-of-sale kiosks and VDI require a softer touch,” said David Solin, co-founder and lead product architect at Joval Continuous Monitoring. “These machines are often stripped to the bone to contain costs, and don’t necessarily have a lot of excess capacity for vulnerability scanning. These new features make it possible to manage the very real vulnerability risks on such machines, without impacting the core business functions they serve.”
For more information, please contact us about conducting an evaluation.
The Center for Internet Security today released a blog article titled Automating the Generation of Windows Vulnerability Detection Content, which highlights the work being performed by Joval Continuous Monitoring to automate the generation of publicly-available Windows vulnerability content.
Joval Continuous Monitoring is pleased to announce release v6.2.0, which adds support for compliance and vulnerability scanning of offline Docker (Linux) image files.
IGI announces their partnership with Joval Continuous Monitoring to power its Nodeware product line.
Representatives from Joval Continuous Monitoring gave presentations at the NIST SCAP v2 developer conference at MITRE Corporation’s McLean, VA campus, including:
The Center for Internet Security today announced Joval Continuous Monitoring was a Top Contributor of publicly-available OVAL content for the first quarter of 2019. This is Joval’s fifth consecutive award for content contribution.
Joval Continuous Monitoring is pleased to announce general availability of Discovery 1.0, available as a stand-alone product, or as an add-on capability for Joval Developer and Enterprise edition customers. Discovery 1.0 is compatible with the new Joval 6.1.0 release.
Discovery 1.0 features include:
Contact us for an evaluation license.
The Center for Internet Security today announced Joval Continuous Monitoring was a Top Contributor of publicly-available OVAL content for the fourth quarter of 2018. This is Joval’s fourth consecutive award, making us a top contributing organization for the entire year of 2018.
The Center for Internet Security today announced Joval Continuous Monitoring was a Top Contributor of publicly-available OVAL content for the third quarter of 2018.
The Center for Internet Security today announced Joval Continuous Monitoring was a Top Contributor of publicly-available OVAL content for the second quarter of 2018.
The Center for Internet Security today announced Joval Continuous Monitoring was a Top Contributor of publicly-available OVAL content for the first quarter of 2018.
Joval Continuous Monitoring, in conjunction with its new 6.0.0 release, announced that it would begin distributing CIS-certified content to its enterprise customers.
Joval Continuous Monitoring introduces Joval™ for Tanium® Comply, an officially supported engine for Tanium Comply, empowering Tanium Comply customers to leverage Joval’s market-leading SCAP compliance and security vulnerability scanning capabilities. Contact us for details on pricing and availability.
The OVAL community met a major milestone by completing its first independent release of the OVAL language since the transition from MITRE. OVAL 5.11.2 features over 70 changes and enhancements to the language, and the release effort was spearheaded by Joval’s own David Solin, who volunteered on behalf of the community to implement and categorize the issue back-log.
JovalCM announces general availability of version 5.11.1-3 of the Joval product suite, which includes numerous bug fixes, improved performance for remote Windows scanning, support for the SCAP validation suite v22.214.171.124 and support for RHEL on IBM System Z mainframes.
JovalCM ships version 5.11.1-2, featuring a number of bug fixes and minor enhancements.
JovalCM ships version 5.11.1-1, featuring support for the over 40 new test types found in OVAL version 5.11.1. Included are the new Cisco IOS-XE and Cisco ASA schemas, many formerly experimental tests in their new (official) namespaces, and new OVAL language functions and datatypes. Numerous connectivity and resilience enhancements, such as the ability to scan Windows devices through SSH gateways, are also included.
David Ries, Joval co-founder, presents on Community-Driven Automation Standards at the 2015 Cybersecurity Innovation Forum in Washington, D.C.
Canonical announced its automatically-generated OVAL repository of Ubuntu vulnerability data. OVAL content is generated continuously (i.e., as soon as it is made available) for the Precise (12.04) and Trusty (14.04) Ubuntu versions. The automation scripts were prototyped by the JovalCM team and donated to Canonical to enable this effort.
In collaboration with the Center for Internet Security (CIS), ThreatGuard, Qualys, and the OVAL Board and with the support of MITRE and The Department of Homeland Security, the JovalCM team helped launch the new CIS-sponsored OVAL Repository. Our team played a leading role in designing the GitHub repository and implementing the maintenance and packaging tools.
Researchers Cheng-Liang Kuo and Chung-Huang Yang presented their paper, Security Design for Configuration Management of Android Devices, in the NETSAP workshop at the 2015 IEEE 39th Annual Computer Software and Applications Conference in Taichung, Taiwan. Kuo and Yang used a Joval-powered prototype to demonstrate a configuration compliance capability for Android-based devices.
The OVAL governing board officially released version 5.11.1 of the OVAL language. This release includes a large number of bug-fixes that the JovalCM team determined were required to successfully implement the language, particularly focusing on the Cisco IOS, IOS-XE and ASA schemas.
JovalCM ships version 126.96.36.199c, featuring proven drop-in readiness for the NIST SCAP 1.2 certification program. This new release includes many performance and scalability enhancements, including new tests specifically for MacOS X and Debian-based Linux distributions, and a new set of command-line utilities for Enterprise and Developer Edition customers.
JovalCM’s proposal for a Linux APT (Advanced Packaging Technology) test has been accepted into the official OVAL Sandbox. This new test adds simplified patch management assessment delegation to native facilities for Ubuntu-based Linux distributions.
The OVAL governing board officially released the much-awaited version 5.11 of the OVAL language. This release includes a large number of new tests and schemas that were proposed by the JovalCM team, including the NETCONF and Juniper JunOS schemas, Windows License and System Metric tests, Unix Symlink test and nine new MacOS tests — effectively doubling the capabilities of the MacOS schema.
Version 188.8.131.52b is released, featuring SQL database support.
Cisco showcases Joval Professional Edition in a security automation webinar.
Joval Professional is released! “Pro” is a desktop application that includes a full GUI for: target and credential management; local and remote scanning; and results display. It is intended for content authors and ad hoc scanning.
Joval accepts the invitation of the OVAL community to join the OVAL language board.
Omar Santos of Cisco’s PSIRT team hosts Cisco’s Automating Cisco IOS Software Vulnerability webinar in which Joval is presented as a robust solution for Cisco IOS scanning.
Version 184.108.40.206a is released, featuring performance and reliability enhancements.
Version 220.127.116.11 is released, adding support for XCCDF, ARF, digital signatures and full coverage for the Windows and Linux SCAP 1.2 certification tests.
Cisco’s PSIRT team adopts Joval to test and validate their OVAL content and features Joval in Cisco’s white-paper on OVAL scanning.
Joval presents new schemas for NETCONF and JunOS at MITRE Developer Days.
The Joval team announces the immediate availability our fully-featured enterprise OCIL engine and demo’s it to the community at Mitre SCAP Developer Days. Check out our online demo at gOCIL.org.
Version 18.104.22.168 is released, adding support for IBM AIX, Apple Mac OSX and complete support for Cisco IOS.
Joval announces the beta of Patch-Service.com, a data feed and SDK for OVAL-based patch assessment, packaging and application. The beta offers comprehensive support for Windows, including over 500,000 OVAL definitions!
GCP Global licenses Joval for its ORCA® GRC suite.
Joval is now an officially-recognized OVAL adopter.
Joval becomes the first to implement Windows_View functionality with Alpha release A.5.10.1.
Joval SCAP engine featured in the OVAL newsletter.
Farnam Hall Ventures LLC green-lights the Joval project.