What They Say About CVRF

“Vulnerabilities in complex applications, systems, and network infrastructure are, unfortunately, inevitable, and with an increasing number of vendors and products, the reporting and interpretation of vulnerabilities increases as well.  As an industry, we need to make our jobs easier given these factors; we also need to make it simpler. With the Common Vulnerability Reporting Framework, we can share critical vulnerability-related information in an open, common, and standardized format, and it’s about time. When used, it allows for standard information to be included, machine-readable reports, and ideally more consistent interpretation and response by information and network security teams.  We’ve needed this for a very long time.”

John N. Stewart,
Vice President & Chief Security Officer

“CVRF represents a true milestone in industry efforts to raise and broaden awareness of security vulnerabilities.  With the use of CVRF, the producers of vulnerability reports will benefit from faster and more standardized reporting.  End users will be able to find, process, and act upon relevant information more quickly and easily, with a higher level of confidence that the information is accurate and comprehensive. Consumers will ultimately benefit with safer systems and applications.”

Linda Betz
President of ICASI
Director of IT Policy and Information Security

“We are pleased to be a founding member of ICASI and to be an active participant in the development of industry standards to address security issues.  With the mainstreaming of PCs and mobile devices representing the fastest adopted technology to date, providing standards to address security issues quickly and easily is critical.  Today’s announcement is an important step in proactively providing industry standards and protocols that will ultimately protect customers.”

Mark Bauhaus
Executive Vice President & General Manager
Service Layer Technologies Business Group
Juniper Networks

“This is the type of framework customers have requested for years.  We are constantly looking for ways to evolve our processes to make it easier for customers to digest information and apply security updates quickly. Through this program, Microsoft is aiming to help foster collaborative security solutions.”

Mike Reavey
Microsoft Security Response Center

“The CVRF standard will enable organizations such as ours to share information about security issues with a consistent and common format.  We’re proud to be part of the CVRF working group.”

Mark Cox
Director of Security Response
Red Hat