[ISN] Security vulnerability reporting framework upgraded for researchers

From: InfoSec News <alerts_at_private>
Date: Wed, 23 May 2012 06:34:22 -0500 (CDT)

By John E Dunn
21 May 2012

The security industry’s Common Vulnerability Reporting Framework (CVRF) 
for reporting and sharing security vulnerabilities in a 
machine-readable format has been given a promised revamp to make it 
easier to use for third-party researchers.

Managed by an industry body, the Industry Consortium for Advancement of 
Security on the Internet (ICASI), version 1.1 features a new hierarchy 
for defining products as well as tweaks to ensure that the data entered 
into it in XML format is less vendor-centric.

It also debuts a range of smaller changes that iron out the pitfalls of 
version 1.0, released a year ago to allow vendors and enterprises to 
receive vulnerability data in an automated, standardised way. It 
replaced a multitude of formats used by individual companies.

That work continues with 1.1 being presented as another step to 
vendor-independent standardisation, the lack of which had risked 
shutting out anyone not acquainted with each approach, mostly 
independent researchers.


Received on Wed May 23 2012 - 04:34:22 PDT
