Common Vulnerability Reporting Framework (CVRF)

Published: 2011-05-20
Last Updated: 2011-05-20 02:04:45 UTC
by Guy Bruneau (Version: 1)
2 comment(s)

A new vulnerability reporting framework was announced this week to standardize security vulnerability reporting. "The Common Vulnerability Reporting Framework (CVRF) is an XML-based language that will enable different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion." [1]

A 12-page whitepaper is available on this new standard that can be freely downloaded here and a list of FAQ is available here.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: CVRF
2 comment(s)


Is the CVRF a competing standard to MITRE's MAEC?

CVRF is a vulnerability reporting framework while MAEC is about reporting malware attributes.

"Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns."

Diary Archives