"Measure what is measurable and make measurable what is not" - Galileo Galilei
Industry Consortium for Advancement of Security on the Internet (ICASI) has released a framework for the standardization of computer security vulnerabilities. Although thousands of vulnerabilities are discovered every year, they lack the necessary consistency necessary for automatic processing, prioritization, and cataloging. Vendors, researchers, and security firms use different or proprietary formats when describing vulnerabilities. This new framework converts the data into XML which is easily read and manipulated by computers. If widely adopted, it will aid in processing and give the industry a better picture of the threat landscape.
ICASI is a consortium with some of the big players, including Cisco, IBM, Juniper Networks, Microsoft, Nokia, Oracle, Red Hat, and Intel. The Common Vulnerability Reporting Framework (CVRF) is free so let's get our industry aligned!
Comments