The Common Vulnerability Reporting Framework (CVRF) is an XML-based standard that enables security professionals and organizations to share security vulnerability information in a single format, speeding up information exchange and digestion. Cisco has been a major contributor to this standard. CVRF is a common and consistent framework for exchanging not just vulnerability information, but any security-related documentation. More information about CVRF is available at: https://cvrf.github.io

CVRF has been transitioned to the OASIS Common Security Advisory Framework (CSAF) Technical Committee.

The Cisco Product Security Incident Response Team (PSIRT) drives and follows open, global standards and makes decisions to develop and implement new technologies based on customers’ current and anticipated requirements.

CVRF files at Cisco can be obtained via any of the following methods:

• Cisco PSIRT CVRF repository: http://tools.cisco.com/security/center/cvrfListing.x
• Cisco CVRF RSS feed: http://tools.cisco.com/security/center/cvrf_20.xml
• At each security advisory
• Cisco PSIRT openVuln API (coming soon!)

You can essentially create your own advisory and/or pick the sections of security advisories that are more relevant to you by parsing each CVRF file.A Python library and CLI tool (cvrfparse) for extracting data out of a CVRF document is available at GitHub.You can also install cvrfparse from source or by using pip:pip install cvrfparseMore information about this tool can be obtained from the following link:

• Tools of the Trade: cvrfparse

  References:

• CVRF - Common Vulnerability Reporting Framework (CVRF)
• Automating Cisco IOS Vulnerability Assessment
• The Missing Manual: CVRF 1.1 Part 1 of 2
• The Missing Manual: CVRF 1.1 Part 2 of 2
• Tools of the Trade: cvrfparse
• CVRF: A Penny For Your Thoughts
• Improvements to Cisco’s Security Vulnerability Disclosures
• http://icasi.org/the-common-vulnerability-reporting-framework-cvrf-v1-1/
• cvrf1.1/schemata at master · CVRF/cvrf1.1 · GitHub
• CVRF/Sandbox · GitHub