Security automation is a hot topic these days. Most organizations have many systems to patch and configure securely, with numerous versions of software and features enabled. Many security administrators are seeking ways to leverage standards and available tools to reduce the complexity and time necessary to respond to security advisories, assess their devices, and ensure compliance so they can allocate resources to focus on other areas of their network and security infrastructure.
Common Vulnerability Reporting Framework (CVRF) is a language that enables different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion. CVRF is a common and consistent framework for exchanging not just vulnerability information, but any security-related documentation. More information about CVRF is available at the OASIS Common Security Advisory Framework (CSAF) TC website.
The Cisco Product Security Incident Response Team (PSIRT) produces CVRF content for all security advisories. CVRF files can be obtained via the following methods:
