Monday, June 4, 2012

Free Framework for Vulnerability Reporting

Breach Info Sharing Tool Enhanced

The Industry Consortium for Advancement of Security on the Internet has introduced an enhanced version of its free security vulnerability reporting framework designed to ease the sharing of breach information.

The framework enables stakeholders across different organizations to share vulnerability information in an open and common machine-readable format. ICASI, a non-profit association of eight major information technology companies, says Version 1.1 of the Common Vulnerability Reporting Framework offers users a more comprehensive and flexible format, while reducing duplication and the possibility of errors.

"CVRF replaces the many nonstandard reporting formats previously in use, thus speeding up information exchange and processing," the association says. Russell Smoak, ICASI's president, in an earlier interview with Information Security Media Group, explained that the framework allows for consistency among vendors, researchers and customers in exchanging vulnerability information. "It speeds the response in the event of a breach," he said.

For example, by using the framework, an organization that's a customer of three companies that have all been affected by a data breach could receive consistent reports and then more promptly take appropriate action, Smoak explained. The framework is available for free at the consortium's website, which also includes information about a May 30 webcast on the framework.

No comments: