The Industry Consortium for Advancement of Security on the Internet (ICASI) launches version 1.0 of its security report framework, allowing vendors to share software vulnerability data more easily.
The Common Vulnerability Reporting Framework (CVRF) is a free-to-use machine-readable XML-based reporting standard which ICASI says sorts out the different formats companies use to report and refer to discovered vulnerabilities across multiple product types.
The idea is that vendors adapt the CVRF, thus eliminating the need to translate between incompatible report formats. It is not only aimed for vendors, but also for security researchers, CERTs, large companies and governments.
ICASI's membership includes Microsoft, Cisco, Juniper Networks, Nokia, Amazon and Intel, and its website currently has a white paper explaining the CVRF.
