Freely subscribe to our NEWSLETTER

?Until the launch of CVRF a few years ago, vulnerability documentation was an ad hoc, sometimes, chaotic process. There was no standard framework for creating vulnerability report documentation,? said Marie Steinmetz of Intel and President of ICASI. ?By standardizing the sharing of critical security-related information in a single format, CVRF speeds up information exchange and usage. Adding the CVRF standard to the OASIS portfolio of standards will further broaden its use and universal acceptance.?

ICASI took the lead in developing CVRF 1.0 as an open standard four years ago to provide an innovative solution to solve a critical security vulnerability communications problem. Based on a common XML-based framework, CVRF consolidates and brings consistency to vulnerability documentation. It provides the industry with faster and more consistent report creation processes. CVRF users benefit from the standard by being able to receive and process needed information more quickly and easily.

?The time is right for the transfer of CVRF to OASIS. The standard is already being widely adopted, and OASIS has the resources to further increase CVRF’s value to the industry,? said Omar Santos, convener, OASIS CSAF Technical Committee. ?CVRF is a good fit within OASIS since it already works on related automation standards like STIX and TAXI. Thanks to the strong cooperation between these two organizations, the transfer process has been seamless and further development of the CVRF standard is already underway at OASIS.?