Hello, According to the OVAL Core Common schema ( https://protect-us.mimecast.com/s/raF7CVO24gHxkjLxfy-1bh?domain=github.com, "The int datatype describes standard integer data. This datatype conforms to the W3C Recommendation for integer data which follows the standard mathematical concept of the integer numbers...". The section 3.3.13 of the XML specification (W3C XML schema https://protect-us.mimecast.com/s/Jv1_CW6K5kH5Xwg5UnZM2R?domain=w3.org defines the integer datatype as: "[Definition:] integer is ·derived· from decimal by fixing the value of ·fractionDigits· to be 0 and disallowing the trailing decimal point. This results in the standard mathematical concept of the integer numbers. The ·value space· of integer is the infinite set {...,-2,-1,0,1,2,...}. The ·base type· of integer is decimal." Now, OVAL schema defines the: "date_modified oval-def:EntityStateIntType (0..1) -- Time of last modification of file. The integer should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC)." Does a value of “99,131,624,269,876,220,000” for date_modified property comply with the above definition? Or its max value should be restricted to “18,446,744,073,709,551,615” (2^64 - 1)? Respectfully, Dragos Prisaca

18,446,744,073,709,551,614 … I believe represents a date some 28,809 years in the future. I have doubts about whether anyone will need to measure file times at that point, so, it seems as good a limit as any to me! > On Dec 18, 2019, at 9:56 AM, Dragos Prisaca <dragos.prisaca@g2-inc.com> wrote: > > Hello, > > According to the OVAL Core Common schema (https://protect-us.mimecast.com/s/jpY4C0Ro5viGg099T2LLge?domain=github.com <https://protect-us.mimecast.com/s/Lkl8C82zpPt6P8AAHnJ9Yv?domain=github.com>), "The int datatype describes standard integer data. This datatype conforms to the W3C Recommendation for integer data which follows the standard mathematical concept of the integer numbers...". > The section 3.3.13 of the XML specification (W3C XML schema https://protect-us.mimecast.com/s/Y6jbCgJDA1HAw5jjc3vO0b?domain=w3.org <https://protect-us.mimecast.com/s/qK4GC9rAqRfkNV66cEAbkr?domain=w3.org>) defines the integer datatype as: "[Definition:] integer is derived from decimal by fixing the value of fractionDigits to be 0 and disallowing the trailing decimal point. This results in the standard mathematical concept of the integer numbers. The value space of integer is the infinite set {...,-2,-1,0,1,2,...}. The base type of integer is decimal." > > Now, OVAL schema defines the: "date_modified oval-def:EntityStateIntType (0..1) -- Time of last modification of file. The integer should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC)." > > Does a value of “99,131,624,269,876,220,000” for date_modified property comply with the above definition? Or its max value should be restricted to “18,446,744,073,709,551,615” (2^64 - 1)? > > Respectfully, > Dragos Prisaca > _______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org