Information Security News mailing list archives

Security vulnerability reporting framework upgraded for researchers


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 23 May 2012 06:34:22 -0500 (CDT)

http://news.techworld.com/security/3359074/security-vulnerability-reporting-framework-upgraded-for-researchers/

By John E Dunn
Techworld
21 May 2012

The security industry’s Common Vulnerability Reporting Framework (CVRF) for reporting and sharing security vulnerabilities in a machine-readable format has been given a promised revamp to make it easier to use for third-party researchers.

Managed by industry body, the Industry Consortium for Advancement of Security on the Internet (ICASI), version 1.1 features a new hierarchy for defining products as well as tweaks to ensure that the data entered into it in XML format is less vendor-centric.

It also debuts a range of smaller changes that iron out the pitfalls of version 1.0, released a year ago to allow vendors and enterprises to receive vulnerability data in an automated, standardised way. It replaced a multitude of formats used by individual companies.

That work continues with 1.1 being presented as another step to vendor-independent standardisation, the lack of which had risked shutting out anyone not acquainted with each approach, mostly independent researchers.

[...]
