New Internet vulnerability reporting framework for industry
The Industry Consortium for Advancement of Security on the Internet (ICASI), a nonprofit association dedicated to enhancing global IT security by proactively driving excellence and innovation in security response, has published a Common Vulnerability Reporting Framework (CVRF).
CVRF is an XML-based framework that enables stakeholders across different organizations to share critical vulnerability-related information in an open and common machine-readable format.
This format replaces the myriad of current nonstandard reporting formats, thus speeding up information exchange and processing. CVRF is available to the public free of charge, along with additional information, at ICASI.
"CVRF represents a true milestone in industry efforts to raise and broaden awareness of security vulnerabilities," said Linda Betz, president of ICASI and director of IT Policy and Information Security at IBM. "With the use of CVRF, the producers of vulnerability reports will benefit from faster and more standardized reporting.
"End users will be able to find, process and act upon relevant information more quickly and easily, with a higher level of confidence that the information is accurate and comprehensive. Consumers will ultimately benefit with safer systems and applications."
