cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11801
Views
16
Helpful
1
Comments
Omar Santos
Cisco Employee
Cisco Employee

The Common Vulnerability Reporting Framework (CVRF) is an XML-based standard that enables security professionals and organizations to share security vulnerability information in a single format, speeding up information exchange and digestion. Cisco has been a major contributor to this standard. CVRF is a common and consistent framework for exchanging not just vulnerability information, but any security-related documentation. More information about CVRF is available at: https://cvrf.github.io

CVRF has been transitioned to the OASIS Common Security Advisory Framework (CSAF) Technical Committee.

The Cisco Product Security Incident Response Team (PSIRT) drives and follows open, global standards and makes decisions to develop and implement new technologies based on customers’ current and anticipated requirements.

CVRF files at Cisco can be obtained via any of the following methods:


You can essentially create your own advisory and/or pick the sections of security advisories that are more relevant to you by parsing each CVRF file.A Python library and CLI tool (cvrfparse) for extracting data out of a CVRF document is available at GitHub.You can also install cvrfparse from source or by using pip:pip install cvrfparseMore information about this tool can be obtained from the following link:

  References:

Comments
subodh.chettri
Beginner
Beginner

I really appreciate cisco for adopting CVRF.

Here's few feed back to help it improve

    - The prduct Name under (/cvrfdoc/ProductTree/FullProductName/text() ) need to be broken down. version needs to be a sperate.

          Example : <FullProductName ProductID="CVRFPID-200509">

               Cisco IOS 15.5(3)M

</FullProductName>

can be broken to

<FullProductName ProductID="CVRFPID-200509">

     <ProductName>Cisco IOS </ProductName>

     <ProductVersion>15.5(3)M</ProductVersion>

</FullProductName>

- https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20160218-glibc/cvrf/cisco-sa-20160218-… was not of a much help /cvrfdoc/ProductTree has gone missing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links