The Industry Consortium for Advancement of Security on the Internet (ICASI) announced today it transferred further development and maintenance of its Common Vulnerability Reporting Framework (CVRF) Version 1.1 standard to the OASIS Common Security Advisory Framework (CSAF) Technical Committee, part of an international consortium that drives the development, convergence and adoption of open standards for the global information society. ICASI’s CVRF standard has been widely adopted by the major Internet backbone providers. Transferring ICASI’s CVRF standard to OASIS will encourage broader industry participation in the continued development of the standard while enhancing OASIS’s cybersecurity automation standards portfolio.
“Until the launch of CVRF a few years ago, vulnerability documentation was an ad hoc, sometimes, chaotic process. Therewas no standard framework for creating vulnerability report documentation,” said Marie Steinmetz of Intel (News – Alert) and President of ICASI. “By standardizing the sharing of critical security-related information in a single format, CVRF speeds up information exchange and usage. Adding the CVRF standard to the OASIS portfolio of standards will further broaden its use and universal acceptance.”