SecPod intends to publish security advisories in an XML format that conforms
to Common Vulnerability Reporting Format (CVRF version 1.1).

What is CVRF?
The Common Vulnerability Reporting Framework is an XML-based standard that
enables sharing of vulnerability information in a machine-readable format.
Originally derived from the Internet Engineering Task Force (IETF) draft Incident
Object Description Exchange Format (IODEF), this format was then developed by
the Industry Consortium for Advancement of Security on the Internet (ICASI).

CVRF Provides Two Key Benefits:
(1) It provides a consistent way to depict security information thus simplifying
the interpretation of the advisories, and
(2) It provides a machine-readable format for the interpretation of security
advisories, thus allowing automation (and integration of the advisories in,
for example, vulnerability scanning tools).

More can be found here:
http://www.icasi.org/cvrf

One of our advisory in CVRF format:
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting Vulnerability.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>