[SC-L] The Next Frontier
Steven M. Christey
coley at linus.mitre.org
Wed Jun 27 18:33:46 EDT 2007
SCAP deals with finding known vulnerabilities or configuration problems on
live networks, not the results of an ad hoc analysis of a single software
package. NIST's SAMATE project might have exchange formats on a to-do
list somewhere, but I'm not deeply involved in that project except as it
relates to CWE. Certainly, an exchange format would be very useful for
collating (or comparing) results from multiple tools, which also might be
its greatest barrier to vendor acceptance based on competitive reasons.
- Steve