Breach Info Sharing Tool Enhanced Consortium Offers Free Framework for Vulnerability Reporting

The Industry Consortium for Advancement of Security on the Internet has introduced an enhanced version of its free security vulnerability reporting framework designed to ease the sharing of breach information.

See Also: How to Anticipate Breaches & Prevent Data Loss: Avoiding the Fate of OPM

The framework enables stakeholders across different organizations to share vulnerability information in an open and common machine-readable format.

ICASI, a non-profit association of eight major information technology companies, says Version 1.1 of the Common Vulnerability Reporting Framework offers users a more comprehensive and flexible format, while reducing duplication and the possibility of errors.

"CVRF replaces the many nonstandard reporting formats previously in use, thus speeding up information exchange and processing," the association says.

Russell Smoak, ICASI's president, in an earlier interview with Information Security Media Group, explained that the framework allows for consistency among vendors, researchers and customers in exchanging vulnerability information. "It speeds the response in the event of a breach," he said (see A Framework for Vulnerability Reports).

For example, by using the framework, an organization that's a customer of three companies that have all been affected by a data breach could receive consistent reports and then more promptly take appropriate action, Smoak explained.

The framework is available for free at the consortium's website, which also includes information about a May 30 webcast on the framework.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.





Around the Network