The Organisation for the Advancement of Structured Information Standards (Oasis) has moved forward on two fronts in Web services standardisation this week, ratifying a proposal for gauging security vulnerabilities and forming a panel to advance a standard for the building management industry.

Members approved Application Vulnerability Description Language (AVDL) Version 1.0 as an official Oasis Standard. AVDL provides a method for exchanging information about security vulnerabilities within Web services and Web applications.

It also saves network managers from having to manually compare reports from application vulnerability assessments with application firewall rules, patch management systems, and other information from event correlation systems. Vulnerability assessments instead can be imported from AVDL-compliant application scanners. The technology already is being implemented at organizations such as the US Department of Energy and the National Nuclear Security Administration.

Oasis also unveiled plans to advance oBIX (Open Building Information Xchange), with the formation of an oBIX Technical Committee to define a standard method to enable mechanical and electrical systems in facilities to communicate with enterprise applications. The oBIX technology will apply to systems such as heating, venting, and air conditioning; elevators; laboratory equipment; life/safety systems; and closed circuit television monitoring - and so improve the effectiveness of building control systems.

The proposal represents a growing trend of vertical industries developing standards within Oasis.