The Open Cybersecurity Alliance (OCA) announced the availability of OpenDXL Ontology, its open-source language for connecting cybersecurity tools through a common messaging framework. 

“With open source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language,” the OCA explained in a post.

RELATED CONTENT: ‘Security debt’ focus of 2019 State of Software Security report

OpenDXL Ontology is based on the Open Data Exchange Layer (OpenDXL), an open messaging framework to develop and share integrations with other tools. With the release of the language, the alliance can provide a single, common solution for notifications, information, actions and communicating with other tools. In addition, it  provides companies with a set of tooling that can be applied once and automatically reused everywhere across all product categories, while also eliminating the need to update integrations as product versions and functionalities change

“For example, if a certain tool detects a compromised device, it could automatically notify all other tools and even quarantine that device using a standard message format readable by all. While previously this was only possible with custom integrations between individual products, it will now be automatically enabled between all tools that adopt OpenDXL Ontology,” according to the alliance.

The OCA community said it is currently collaborating on GitHub and Slack to further new open-source code and use-cases for cybersecurity industry interoperability. The OCA will continue development for both STIX Shifter, an out-of-the-box search capability for security products of all types, and OpenDXL Ontology.

“The adoption of OpenDXL Ontology will help create a stronger, united front to defend and protect across all types of security tools, while reducing the burden of point integrations between individual products,” the OCA wrote. 

The alliance also announced the formation of a technical steering committee to help drive the technical direction and development of the organization. Members of the committee include leaders from AT&T, IBM Security, McAfee, Packet Clearinghouse and Tripwire.