OASIS to Further Develop and Broaden Use of ICASI’s Common Vulnerability Reporting Framework Standard

WAKEFIELD, Mass. – November 16, 2016 – The Industry Consortium for Advancement of Security on the Internet (ICASI) announced today it transferred further development and maintenance of its Common Vulnerability Reporting Framework (CVRF) Version 1.1 standard to the OASIS Common Security Advisory Framework (CSAF) Technical Committee, part of an international consortium that drives the development, convergence and adoption of open standards for the global information society. ICASI’s CVRF standard has been widely adopted by the major Internet backbone providers. Transferring ICASI’s CVRF standard to OASIS will encourage broader industry participation in the continued development of the standard while enhancing OASIS’s cybersecurity automation standards portfolio.

″Until the launch of CVRF a few years ago, vulnerability documentation was an ad hoc, sometimes, chaotic process. There was no standard framework for creating vulnerability report documentation,″ said Marie Steinmetz of Intel and President of ICASI. ″By standardizing the sharing of critical security-related information in a single format, CVRF speeds up information exchange and usage.  Adding the CVRF standard to the OASIS portfolio of standards will further broaden its use and universal acceptance.″

ICASI took the lead in developing CVRF 1.0 as an open standard four years ago to provide an innovative solution to solve a critical security vulnerability communications problem. Based on a common XML-based framework, CVRF consolidates and brings consistency to vulnerability documentation. It provides the industry with faster and more consistent report creation processes. CVRF users benefit from the standard by being able to receive and process needed information more quickly and easily.

″The time is right for the transfer of CVRF to OASIS. The standard is already being widely adopted, and OASIS has the resources to further increase CVRF’s value to the industry,″ said Omar Santos, convener, OASIS CSAF Technical Committee. ″CVRF is a good fit within OASIS since it already works on related automation standards like STIX and TAXI. Thanks to the strong cooperation between these two organizations, the transfer process has been seamless and further development of the CVRF standard is already underway at OASIS.″

About OASIS

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for cloud computing, security, business transactions, electronic publishing, Smart Grid, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 65 countries. http://www.oasis-open.org.

About ICASI

The Industry Consortium for Advancement of Security on the Internet (ICASI) enhances the global security landscape by driving excellence and innovation in security response practices, and by enabling its members to proactively collaborate to analyze, mitigate, and resolve multi-stakeholder, global security challenges. ICASI’s Charter Members are Cisco Systems, IBM, Intel Corporation, Juniper Networks, and Microsoft Corporation, while Amazon, A10 Networks, Oracle, and VMWare are General Members of the organization.

 ###