<<< Date Index >>>     <<< Thread Index >>>

Re: Vulnerability Disclosure Formats (was "Re: Funny article")



Steven M. Christey wrote:

There are a couple proposals out there, but I don't think they've
gotten as much attention as they deserve:

Common Advisory Interchange Format

http://cert.uni-stuttgart.de/files/caif/requirements/split/requirements.html


Advisory and Notification Markup Language (ANML)
http://www.opensec.org/anml/


I would also add to the list the

EISPP Common Advisory Format Description”, (EISPP-D3-001-TR), version
1.2, 28 march 2003  http://www.eispp.org/commonformat.pdf

Even if this one is slightly biased towards CERTs it could be used by
vendors too.

Regards

Javier Fernandez-Sanguino