Common Vulnerability Reporting Framework (CVRF)
A new vulnerability reporting framework was announced this week to standardize security vulnerability reporting. "The Common Vulnerability Reporting Framework (CVRF) is an XML-based language that will enable different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion." [1]
A 12-page whitepaper is available on this new standard that can be freely downloaded here and a list of FAQ is available here.
[1] http://www.icasi.org/cvrf
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Keywords: CVRF
2 comment(s)
×
Diary Archives
Comments
Nathan Christiansen
May 24th 2011
1 decade ago
CVRF is a vulnerability reporting framework while MAEC is about reporting malware attributes.
"Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns." http://maec.mitre.org/about/index.html
Guy
May 24th 2011
1 decade ago