TMCnet News
ICASI Transfers Development of Security Open Standard to OASISThe Industry Consortium for Advancement of Security on the Internet (ICASI) announced today it transferred further development and maintenance of its Common Vulnerability Reporting Framework (CVRF) Version 1.1 standard to the OASIS Common Security Advisory Framework (CSAF) Technical Committee, part of an international consortium that drives the development, convergence and adoption of open standards for the global information society. ICASI's CVRF standard has been widely adopted by the major Internet backbone providers. Transferring ICASI's CVRF standard to OASIS will encourage broader industry participation in the continued development of the standard while enhancing OASIS's cybersecurity automation standards portfolio. "Until the launch of CVRF a few years ago, vulnerability documentation was an ad hoc, sometimes, chaotic process. Therewas no standard framework for creating vulnerability report documentation," said Marie Steinmetz of Intel (News - Alert) and President of ICASI. "By standardizing the sharing of critical security-related information in a single format, CVRF speeds up information exchange and usage. Adding the CVRF standard to the OASIS portfolio of standards will further broaden its use and universal acceptance." ICASI took the lead in developing CVRF 1.0 as an open standard four years ago to provide an innovative solution to solve a critical security vulnerability communications problem. Based on a common XML-based framework, CVRF consolidates and brings consistency to vulnerability documentation. It provides the industry with faster and more consistent report creation processes. CVRF users benefit from the standard by being able to receive and process needed information more quickly and easily. "The time is right for the transfer of CVRF to OASIS. The standard is already being widely adopted, and OASIS has the resources to further increase CVRF's value to the industry," said Omar Santos, convener, OASIS CSAF Technical Committee. "CVRF is a good fit within OASIS since it already works on related automation standards like STIX and TAXI. Thanks to the strong cooperation between these two organizations, the transfer process has been seamless and further development of the CVRF standard is already underway at OASIS."
About OASIS
About ICASI
View source version on businesswire.com: http://www.businesswire.com/news/home/20161116005200/en/ |