http://news.techworld.com/security/3359074/security-vulnerability-reporting-framework-upgraded-for-researchers/ By John E Dunn Techworld 21 May 2012 The security industry’s Common Vulnerability Reporting Framework (CVRF) framework for reporting and sharing security vulnerabilities in a machine-readable format has been given a promised revamp to make it easier to use for third-party researchers. Managed by industry body, the Industry Consortium for Advancement of Security on the Internet (ICASI), version 1.1 features a new hierarchy for defining products as well as tweaks to ensures that the data entered into it in XML format is less vendor-centric. It also debuts a range of smaller changes that iron out the pitfalls of version 1.0, released a year ago to allow vendors and enterprises to receive vulnerability data in an automated, standardised way. It replaced a multitude of formats used by individual companies. That work continues with 1.1 being presented as another step to vendor-independent standardisation, the lack of which had risked shutting out anyone not acquainted with each approach, mostly independent researchers. [...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Wed May 23 2012 - 04:34:22 PDT
This archive was generated by hypermail 2.2.0 : Wed May 23 2012 - 04:27:33 PDT