Jane Edwards
The Organization for the Advancement of Structured Information Standards has partnered with technology firms and other organizations to advance the adoption of a standard format designed to automate reporting of cyber vulnerabilities.
The Common Security Advisory Framework developed by the OASIS’ technical committee works to facilitate interoperability and production of machine-readable vulnerability data and builds on the Industry Consortium for Advancement of Security on the Internet’s Common Vulnerability Reporting Framework format, OASIS said Tuesday.
“Our goal with CSAF is to make it easier for administrators to identify and address known vulnerabilities within their networks, regardless of the platforms they’re using,†said Omar Santos, principal engineer at Cisco’s product security incident response team and chair of the OASIS CSAF technical committee.
OASIS and Cisco also collaborated with the Department of Homeland Security, National Institute of Standards and Technology, Center for Internet Security and CERT/CC at Carnegie Mellon University’s Software Engineering Institute to help define the standard format.
Other companies that contributed to the CSAF definition include:
- EclecticIQ
- FireEye
- Hitachi
- IBM
- Intel
- LookingGlass Cyber Solutions
- NC4
- Oracle
- Red Hat
- SafeNet
- TELUS
- VeriSign
