Vulnerability assessment languages, such as OVAL (Open Vulnerability and Assessment Language), specifications of which are distributed by the MITRE Corporation, can be used to enhance interoperability by providing standardized definitions for tests that can be performed on computing devices to check, for example, registry entries, file integrity, filesystem permissions, and other system characteristics. Current OVAL definitions are authored by security authorities and can be used to evaluate whether a particular computing device complies with a published security policy described in OVAL definition files. However, because these definitions describe already-known security threats and policies, such methodologies are inflexible and are not adapted to evaluate unknown or dynamic vulnerability and compliance issues in the deployed environment.