Information Security News mailing list archives
Security vulnerability reporting framework upgraded for researchers
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 23 May 2012 06:34:22 -0500 (CDT)
http://news.techworld.com/security/3359074/security-vulnerability-reporting-framework-upgraded-for-researchers/ By John E Dunn Techworld 21 May 2012The security industry’s Common Vulnerability Reporting Framework (CVRF) framework for reporting and sharing security vulnerabilities in a machine-readable format has been given a promised revamp to make it easier to use for third-party researchers.
Managed by industry body, the Industry Consortium for Advancement of Security on the Internet (ICASI), version 1.1 features a new hierarchy for defining products as well as tweaks to ensures that the data entered into it in XML format is less vendor-centric.
It also debuts a range of smaller changes that iron out the pitfalls of version 1.0, released a year ago to allow vendors and enterprises to receive vulnerability data in an automated, standardised way. It replaced a multitude of formats used by individual companies.
That work continues with 1.1 being presented as another step to vendor-independent standardisation, the lack of which had risked shutting out anyone not acquainted with each approach, mostly independent researchers.
[...]
_______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.org
Current thread:
- Security vulnerability reporting framework upgraded for researchers InfoSec News (May 23)