An eWeek article tells how Cisco’s release of its OpenVuln API, based on the ICASI Common Vulnerability Reporting Framework (CVRF) and other standards, is a further push by the company to make security advisories easier to consume and act upon. Omar Santos, principal engineer of Cisco PSIRT Security Research and Operations and also ICASI’s USIRP Working Chair, is quoted in the article as stating that the OpenVuln API Santos is hopefully a launching point to continue to help improve and automate security disclosure.
“We want there to be more security disclosure automation across the industry,” he said. “The next step is to get more vendors to adopt security automation standards so we can automatically exchange vulnerability information.”
The article also states that increased adoption of security automation is likely to come through continued collaboration through industry organizations such as ICASI.
Get more information on ICASI’s CVRF standard