[32473] in bugtraq
Re: Vulnerability Disclosure Formats (was "Re: Funny article")
daemon@ATHENA.MIT.EDU (Javier Fernandez-Sanguino)
Tue Nov 18 13:37:55 2003
Message-ID: <3FBA5BFD.40703@germinus.com>
Date: Tue, 18 Nov 2003 18:50:53 +0100
From: Javier Fernandez-Sanguino <jfernandez@germinus.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <200311142238.hAEMcWtJ019393@linus.mitre.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Steven M. Christey wrote:
> There are a couple proposals out there, but I don't think they've
> gotten as much attention as they deserve:
>
> Common Advisory Interchange Format
>
http://cert.uni-stuttgart.de/files/caif/requirements/split/requirements.html
>
>
> Advisory and Notification Markup Language (ANML)
> http://www.opensec.org/anml/
>
I would also add to the list the
EISPP Common Advisory Format Description”, (EISPP-D3-001-TR), version
1.2, 28 march 2003 http://www.eispp.org/commonformat.pdf
Even if this one is slightly biased towards CERTs it could be used by
vendors too.
Regards
Javier Fernandez-Sanguino
