Unified Security Vulnerability Management
- Subject: Unified Security Vulnerability Management
- From: ryanshea at google.com (Ryan Shea)
- Date: Tue, 19 May 2015 15:53:15 +0000
Manually setting up and parsing email notifications for security
vulnerabilities for all vendors is mighty annoying. It looks like the ICASI
CVRF <http://www.icasi.org/cvrf> Working Group thought the same thing back
in 2011 when they came up with this handy XML schema. I had not known of
this until yesterday and noticed that Cisco does a good job
<http://tools.cisco.com/security/center/cvrfListing.x> posting their
vulnerabilities in CVRF. Word on the streets is that Juniper
<https://twitter.com/junipersirt/status/70627418737610752> was at least
partially involved in CVRF as well. Brocade may have looked into it as well.
This does not seem like a difficult thing for vendors to do, but the
missing piece may be customer interest. I am hoping to drum up some
interest here -- maybe a few support requests would entice them to hand
this off to an intern and we could collectively do better at managing
vendor notifications. A tool <https://github.com/mschiffm/cvrfparse> to
parse CVRF is already floating about as well (mschiffm).