Common Vulnerability Reporting Framework (CVRF)

A new vulnerability reporting framework was announced this week to standardize security vulnerability reporting. "The Common Vulnerability Reporting Framework (CVRF) is an XML-based language that will enable different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion." [1]

A 12-page whitepaper on the new standard is freely available for download, and a list of FAQs is also available.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


528 Posts
ISC Handler
May 20th 2011
Is the CVRF a competing standard to MITRE's MAEC?
Nathan Christiansen

20 Posts

CVRF is a vulnerability reporting framework while MAEC is about reporting malware attributes.

"Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns."…

528 Posts
ISC Handler
