Breach Info Sharing Tool Enhanced

Consortium Offers Free Framework for Vulnerability Reporting

By , May 29, 2012.
Breach Info Sharing Tool Enhanced

The Industry Consortium for Advancement of Security on the Internet has introduced an enhanced version of its free security vulnerability reporting framework designed to ease the sharing of breach information.

See Also: Combatting Account Takeover Fraud & Remote Access Trojans

The framework enables stakeholders across different organizations to share vulnerability information in an open and common machine-readable format.

ICASI, a non-profit association of eight major information technology companies, says Version 1.1 of the Common Vulnerability Reporting Framework offers users a more comprehensive and flexible format, while reducing duplication and the possibility of errors.

"CVRF replaces the many nonstandard reporting formats previously in use, thus speeding up information exchange and processing," the association says.

Russell Smoak, ICASI's president, in an earlier interview with Information Security Media Group, explained that the framework allows for consistency among vendors, researchers and customers in exchanging vulnerability information. "It speeds the response in the event of a breach," he said (see A Framework for Vulnerability Reports).

For example, by using the framework, an organization that's a customer of three companies that have all been affected by a data breach could receive consistent reports and then more promptly take appropriate action, Smoak explained.

The framework is available for free at the consortium's website, which also includes information about a May 30 webcast on the framework.

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Infosec Careers: Find Your Passion

Andy Ellis, chief security officer of Akamai Technologies, says that in today's burgeoning...

Latest Tweets and Mentions

ARTICLE Infosec Careers: Find Your Passion

Andy Ellis, chief security officer of Akamai Technologies, says that in today's burgeoning...

The ISMG Network