Microsoft embraces CVRF format for its security bulletins
Posted on 21 May 2012.
A year has passed since the Industry Consortium for Advancement of Security on the Internet (ICASI) introduced the first version of the Common Vulnerability Reporting Framework, an XML-based framework that enables stakeholders across different organizations to share critical vulnerability-related information in an open and common machine-readable format.


The framework has also recently received an update but, most important of all, has also received a very prominent backer: Microsoft.

"Even though many vendors have followed Microsoft’s lead in providing comprehensive security updates to customers, the formats vendors use vary. CVRF provides the entire industry with a way to share and present data in a coordinated and structured manner," stated Mike Reavey, Senior Director with Microsoft Security Response Center, and announced that Microsoft has presented the latest monthly security updates (released on May 8) in the CVRF format.

Extolling the virtues of the format, Reavey pointed out that even though home-computer users or small businesses haven't got much use for it, big businesses could do without continually “copying and pasting” Microsoft's security bulletin content into their risk management systems, spreadsheets and corporate notification emails manually as part of their IT security compliance and remediation task list.

"For these customers, this machine-readable format may enable more efficiency and automation. Faster and more efficient guidance for these customers means they can more quickly ensure protection, which is always our goal," he wrote, and added that Microsoft's bulletins will continue to be issued also in the current format for those who don't require automation.






Spotlight

Most popular Android apps open users to MITM attacks

Posted on 21 August 2014.  |  An analysis of the 1,000 most popular free Android apps from the Google Play store has revealed a depressing fact: most of them sport an SSL/TLS vulnerability that can be misused for executing MITM attacks, and occasionally additional ones, as well.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //