Common Vulnerability Reporting Format (CVRF) is announced!
Posted by Tom Cross on May 19, 2011 at 3:51 AM EDT.
We are very excited to see the public announcement of the Common Vulnerability Reporting Format (CVRF) by the Industry Consortium for the Advancement of Security on the Internet (ICASI). CVRF is an XML standard for publishing security vulnerability advisories.
Since 1997, X-Force has been manually keeping track of every public computer security vulnerability disclosure in the X-Force Database. In our view, a machine-readable format for advisories will significantly improve the efficiency of this process as well as the consistency and reliability of this data. This automation will be one of the important technical underpinnings of a future in which the enterprise will have total endpoint configuration control, wherein network control systems are aware of every software revision running on every endpoint and can instantly respond to security vulnerability disclosures that impact those software revisions.
X-Force has contributed directly to the development of the CVRF standard, and we plan to be an early adopter. As a first step, we will be building tools to parse and validate CVRF documents as a part of our vulnerability tracking efforts, and we will begin importing data that software vendors are publishing in this format. If you'd like to publish advisories in CVRF, please see the detailed documentation that has been published by ICASI.
If you do publish in CVRF, please notify us. We would be happy to provide independent validation that your documents are parsing properly.

