Common Vulnerability Reporting Framework (CVRF)

A new vulnerability reporting framework was announced this week to standardize security vulnerability reporting. "The Common Vulnerability Reporting Framework (CVRF) is an XML-based language that will enable different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion." [1]

A 12-page whitepaper on this new standard is freely available for download, and a list of FAQs is also available.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


427 Posts
ISC Handler
Is the CVRF a competing standard to MITRE's MAEC?
Nathan Christiansen

20 Posts

CVRF is a vulnerability reporting framework while MAEC is about reporting malware attributes.

"Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns."…

427 Posts
ISC Handler
