Threat Level: green Handler on Duty: Kevin Liston

SANS ISC: Common Vulnerability Reporting Framework (CVRF) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Common Vulnerability Reporting Framework (CVRF)

A new vulnerability reporting framework was announced this week to standardize security vulnerability reporting. "The Common Vulnerability Reporting Framework (CVRF) is an XML-based language that will enable different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion." [1]

A 12-page whitepaper is available on this new standard that can be freely downloaded here and a list of FAQ is available here.


[1] http://www.icasi.org/cvrf

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

424 Posts
ISC Handler
Is the CVRF a competing standard to MITRE's MAEC?
Nathan Christiansen

20 Posts Posts
Nathan,

CVRF is a vulnerability reporting framework while MAEC is about reporting malware attributes.

"Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns." maec.mitre.org/about/…
Guy

424 Posts Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!