IT Companies Improving Vulnerability Reporting Framework


Eight major players in the IT field have come together to develop a framework through which IT companies will be able to share information more effectively about security issues and the evolving threat environment.  The group, known as the Industry Consortium for Advancement of Security on the Internet, has already released a preliminary version of the project, known as the Common Vulnerability Reporting Framework.  

According to the consortium's president, Russell Smoak, the group is now proceeding to consider enhancements that could make the preliminary framework even more useful to IT companies such as managed services providers, which must stay up-to-date at all times with the types of cyber threats that exist in the online world.

Smoak discussed the framework's major objective, which is to "allow for consistency in how vendors, researchers and customers exchange vulnerability information in an automated format," also commenting that the framework "streamlines risk management…. it speeds the response in the event of a breach."

Smoak discussed an example of how the framework in operation would accomplish these goals, explaining that if several companies experience the same kind of data breach, now the information about the breaches will be available in a consistent format that makes it easier to analyze the attack so that appropriate and timely steps can be taken.

The framework is freely available online at the website set up by the consortium.   At this point, the framework takes the form of a white paper.  The companies that have helped to develop the framework include Intel, IBM, and Microsoft.

 Whitepaper: 6 Do’s & Dont’s for Choosing the Right IT Service Provider