Thought Leadership

White Paper

CVRF 1.1 – The Missing Manual
Case Study and Lessons Learned

This white paper authored by ICASI member Mike Schiffman of Cisco Systems discusses some of the design decisions behind the 1.1 release of ICASI’s Common Vulnerability Reporting Framework. Particular attention is paid to explaining some of the required elements and the Product Tree. The paper then shows the conversion of a recent Cisco security advisory into a well-formed and valid CVRF document, and it reviews some items being considered for future versions of CVRF. Readers should have working knowledge of CVRF and of XML. Download the paper here.

Case Study

Managing a Global Industry Unified Security Incident Response Program:
Case Study and Lessons Learned

ICASI members Pete Allor of IBM and Brian Willis of Intel presented a paper at the GFIRST Conference in Nashville, Tenn., in August 2011 detailing the ICASI USIRP process and value proposition.

Their paper, “Managing a Global Industry Unified Security Incident Response Program: Case Study and Lessons Learned,” can be downloaded here.