Security industry can now measure vulnerabilities consistently

"Measure what is measurable and make measurable what is not" - Galileo Galilei

The Industry Consortium for Advancement of Security on the Internet (ICASI) has released a framework for the standardization of computer security vulnerabilities. Although thousands of vulnerabilities are discovered every year, they lack the consistency necessary for automatic processing, prioritization, and cataloging. Vendors, researchers, and security firms use different or proprietary formats when describing vulnerabilities. This new framework converts the data into XML, which is easily read and manipulated by computers. If widely adopted, it will aid in processing and give the industry a better picture of the threat landscape.

ICASI is a consortium of some of the big players, including Cisco, IBM, Juniper Networks, Microsoft, Nokia, Oracle, Red Hat, and Intel. The Common Vulnerability Reporting Framework (CVRF) is free, so let's get our industry aligned!

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry-leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry, and his guidance can be heard at conferences and found in whitepapers, articles, and blogs.