Bugtraq: Re: Vulnerability Disclosure Formats (was "Re: Funny article")

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Vulnerability Disclosure Formats (was "Re: Funny article")

From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Tue, 18 Nov 2003 18:50:53 +0100

Steven M. Christey wrote:

There are a couple proposals out there, but I don't think they've
gotten as much attention as they deserve:

Common Advisory Interchange Format

http://cert.uni-stuttgart.de/files/caif/requirements/split/requirements.html



Advisory and Notification Markup Language (ANML)
http://www.opensec.org/anml/


I would also add to the list the

EISPP Common Advisory Format Description”, (EISPP-D3-001-TR), version
1.2, 28 march 2003  http://www.eispp.org/commonformat.pdf

Even if this one is slightly biased towards CERTs it could be used by
vendors too.

Regards

Javier Fernandez-Sanguino

By Date By Thread

Current thread:

Vulnerability Disclosure Formats (was "Re: Funny article") Steven M. Christey (Nov 14)
- Re: Vulnerability Disclosure Formats (was "Re: Funny article") Javier Fernandez-Sanguino (Nov 18)
- <Possible follow-ups>
- RE: Vulnerability Disclosure Formats (was "Re: Funny article") Russ (Nov 15)