SecPod intends to publish security advisories in an XML format that conforms
to Common Vulnerability Reporting Format (CVRF version 1.1).
What is CVRF?
The Common Vulnerability Reporting Framework is an XML-based standard that
enables sharing of vulnerability information in a machine-readable format.
Originally derived from the Internet Engineering Task Force (IETF) draft Incident
Object Description Exchange Format (IODEF), this format was then developed by
the Industry Consortium for Advancement of Security on the Internet (ICASI).
CVRF Provides Two Key Benefits:
(1) It provides a consistent way to depict security information thus simplifying
the interpretation of the advisories, and
(2) It provides a machine-readable format for the interpretation of security
advisories, thus allowing automation (and integration of the advisories in,
for example, vulnerability scanning tools).
One of our advisory in CVRF format:
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting Vulnerability.
The Advisory in CVRF format link is broken. Could you update that? I would love to see an example.