Breach Info Sharing Tool Enhanced

Consortium Offers Free Framework for Vulnerability Reporting

By , May 29, 2012.
Breach Info Sharing Tool Enhanced

The Industry Consortium for Advancement of Security on the Internet has introduced an enhanced version of its free security vulnerability reporting framework designed to ease the sharing of breach information.

See Also: How to Identify Meaningful Alerts from the Security Noise

The framework enables stakeholders across different organizations to share vulnerability information in an open and common machine-readable format.

ICASI, a non-profit association of eight major information technology companies, says Version 1.1 of the Common Vulnerability Reporting Framework offers users a more comprehensive and flexible format, while reducing duplication and the possibility of errors.

"CVRF replaces the many nonstandard reporting formats previously in use, thus speeding up information exchange and processing," the association says.

Russell Smoak, ICASI's president, in an earlier interview with Information Security Media Group, explained that the framework allows for consistency among vendors, researchers and customers in exchanging vulnerability information. "It speeds the response in the event of a breach," he said (see A Framework for Vulnerability Reports).

For example, by using the framework, an organization that's a customer of three companies that have all been affected by a data breach could receive consistent reports and then more promptly take appropriate action, Smoak explained.

The framework is available for free at the consortium's website, which also includes information about a May 30 webcast on the framework.

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Federal CIO's Exit: Impact on IT Security

The unexpected departure of Steven VanRoekel as the federal chief information officer likely will...

Latest Tweets and Mentions

ARTICLE Federal CIO's Exit: Impact on IT Security

The unexpected departure of Steven VanRoekel as the federal chief information officer likely will...

The ISMG Network