Application Vulnerability Description Language (AVDL) has been approved as an OASIS standard last week (see email from Karl F. Best). AVDL is an XML-based protocol for transfer of vulnerability information from scanner tools to protection (or security management) systems. Having been in the draft state for some time now, most of the big web security software scanner tool vendors already support it.