cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

What is the Common Vulnerability Reporting Framework (CVRF)?

9121
Views
16
Helpful
1
Comments

The Common Vulnerability Reporting Framework (CVRF) is an XML-based standard that enables security professionals and organizations to share security vulnerability information in a single format, speeding up information exchange and digestion. Cisco has been a major contributor to this standard. CVRF is a common and consistent framework for exchanging not just vulnerability information, but any security-related documentation. More information about CVRF is available at: https://cvrf.github.io

CVRF has been transitioned to the OASIS Common Security Advisory Framework (CSAF) Technical Committee.

The Cisco Product Security Incident Response Team (PSIRT) drives and follows open, global standards and makes decisions to develop and implement new technologies based on customers’ current and anticipated requirements.

CVRF files at Cisco can be obtained via any of the following methods:


You can essentially create your own advisory and/or pick the sections of security advisories that are more relevant to you by parsing each CVRF file.A Python library and CLI tool (cvrfparse) for extracting data out of a CVRF document is available at GitHub.You can also install cvrfparse from source or by using pip:pip install cvrfparseMore information about this tool can be obtained from the following link:

  References:

Comments
Beginner

I really appreciate cisco for adopting CVRF.

Here's few feed back to help it improve

    - The prduct Name under (/cvrfdoc/ProductTree/FullProductName/text() ) need to be broken down. version needs to be a sperate.

          Example : <FullProductName ProductID="CVRFPID-200509">

               Cisco IOS 15.5(3)M

</FullProductName>

can be broken to

<FullProductName ProductID="CVRFPID-200509">

     <ProductName>Cisco IOS </ProductName>

     <ProductVersion>15.5(3)M</ProductVersion>

</FullProductName>

- https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20160218-glibc/cvrf/cisco-sa-20160218-… was not of a much help /cvrfdoc/ProductTree has gone missing.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here
This widget could not be displayed.