Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
Common Vulnerability Reporting Framework (CVRF)
Published: 2011-05-20,
Last Updated: 2011-05-20 02:04:45 UTC
by Guy Bruneau (Version: 1)
Last Updated: 2011-05-20 02:04:45 UTC
by Guy Bruneau (Version: 1)
A new vulnerability reporting framework was announced this week to standardize security vulnerability reporting. "The Common Vulnerability Reporting Framework (CVRF) is an XML-based language that will enable different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion." [1]
A 12-page whitepaper is available on this new standard that can be freely downloaded here and a list of FAQ is available here.
[1] http://www.icasi.org/cvrf
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Keywords: CVRF
2 comment(s)Comments
Is the CVRF a competing standard to MITRE's MAEC?
posted by Nathan Christiansen, Tue May 24 2011, 20:07
Nathan,
CVRF is a vulnerability reporting framework while MAEC is about reporting malware attributes.
"Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns." http://maec.mitre.org/about/index.html
CVRF is a vulnerability reporting framework while MAEC is about reporting malware attributes.
"Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns." http://maec.mitre.org/about/index.html
New Comments closed for all Diaries older than two(2) weeks
Please send your comments to our Contact Form
Diary Archives
