Re: Vulnerability Disclosure Formats (was "Re: Funny article")

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Vulnerability Disclosure Formats (was "Re: Funny article")
From: Javier Fernandez-Sanguino <jfernandez@xxxxxxxxxxxx>
Date: Tue, 18 Nov 2003 18:50:53 +0100
In-reply-to: <200311142238.hAEMcWtJ019393@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Germinus
References: <200311142238.hAEMcWtJ019393@xxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20030916

Steven M. Christey wrote:

There are a couple proposals out there, but I don't think they've
gotten as much attention as they deserve:

Common Advisory Interchange Format

http://cert.uni-stuttgart.de/files/caif/requirements/split/requirements.html



Advisory and Notification Markup Language (ANML)
http://www.opensec.org/anml/


I would also add to the list the

EISPP Common Advisory Format Description”, (EISPP-D3-001-TR), version
1.2, 28 march 2003  http://www.eispp.org/commonformat.pdf

Even if this one is slightly biased towards CERTs it could be used by
vendors too.

Regards

Javier Fernandez-Sanguino

References:
- Vulnerability Disclosure Formats (was "Re: Funny article")
  - From: Steven M. Christey

Prev by Date: Re: idsearch.com and googleMS.DLL
Next by Date: Re: Funny article
Previous by thread: Vulnerability Disclosure Formats (was "Re: Funny article")
Next by thread: RE: Vulnerability Disclosure Formats (was "Re: Funny article")
Index(es):
- Date
- Thread