Microsoft embraces CVRF format for its security bulletins
Posted on 21 May 2012.
A year has passed since the Industry Consortium for Advancement of Security on the Internet (ICASI) introduced the first version of the Common Vulnerability Reporting Framework, an XML-based framework that enables stakeholders across different organizations to share critical vulnerability-related information in an open and common machine-readable format.


The framework has also recently received an update but, most important of all, has also received a very prominent backer: Microsoft.

"Even though many vendors have followed Microsoft’s lead in providing comprehensive security updates to customers, the formats vendors use vary. CVRF provides the entire industry with a way to share and present data in a coordinated and structured manner," stated Mike Reavey, Senior Director with Microsoft Security Response Center, and announced that Microsoft has presented the latest monthly security updates (released on May 8) in the CVRF format.

Extolling the virtues of the format, Reavey pointed out that even though home-computer users or small businesses haven't got much use for it, big businesses could do without continually “copying and pasting” Microsoft's security bulletin content into their risk management systems, spreadsheets and corporate notification emails manually as part of their IT security compliance and remediation task list.

"For these customers, this machine-readable format may enable more efficiency and automation. Faster and more efficient guidance for these customers means they can more quickly ensure protection, which is always our goal," he wrote, and added that Microsoft's bulletins will continue to be issued also in the current format for those who don't require automation.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //