Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: InfoSec News (alertsinfosecnews.org)
Date: Wed May 23 2012 - 06:34:22 CDT
By John E Dunn
21 May 2012
The security industry’s Common Vulnerability Reporting Framework (CVRF)
framework for reporting and sharing security vulnerabilities in a
machine-readable format has been given a promised revamp to make it
easier to use for third-party researchers.
Managed by industry body, the Industry Consortium for Advancement of
Security on the Internet (ICASI), version 1.1 features a new hierarchy
for defining products as well as tweaks to ensures that the data entered
into it in XML format is less vendor-centric.
It also debuts a range of smaller changes that iron out the pitfalls of
version 1.0, released a year ago to allow vendors and enterprises to
receive vulnerability data in an automated, standardised way. It
replaced a multitude of formats used by individual companies.
That work continues with 1.1 being presented as another step to
vendor-independent standardisation, the lack of which had risked
shutting out anyone not acquainted with each approach, mostly
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA