[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vulnerability Disclosure Formats (was "Re: Funny article")
- To: bugtraq@securityfocus.com
- Subject: Re: Vulnerability Disclosure Formats (was "Re: Funny article")
- From: Javier Fernandez-Sanguino <jfernandez@germinus.com>
- Date: Tue, 18 Nov 2003 18:50:53 +0100
Steven M. Christey wrote:
There are a couple proposals out there, but I don't think they've
gotten as much attention as they deserve:
Common Advisory Interchange Format
http://cert.uni-stuttgart.de/files/caif/requirements/split/requirements.html
Advisory and Notification Markup Language (ANML)
http://www.opensec.org/anml/
I would also add to the list the
EISPP Common Advisory Format Description”, (EISPP-D3-001-TR), version
1.2, 28 march 2003 http://www.eispp.org/commonformat.pdf
Even if this one is slightly biased towards CERTs it could be used by
vendors too.
Regards
Javier Fernandez-Sanguino