This post is a continuation of The Missing Manual: CVRF 1.1 Part 1 of 2.
Praxis: Converting an existing document to CVRF
Now it’s time for some XML! Let’s take what you’ve learned and manually convert the Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities security advisory into a CVRF document. Please note that this process is meant to be instructive and somewhat of a stream-of-consciousness-narrative of how to manually build your first CVRF document. It is expected that, by and large, this process would itself be automated and CVRF document producers would have in-house code to parse their own documents and emit CVRF.
Read More »
Tags: automation, cvrf, intelligent automation, security, security advisories
In this post you will learn about some of the design decisions behind the 1.1 release of the Common Vulnerability Reporting Framework (CVRF). Particular attention is paid to explaining some of the required elements and the Product Tree. After those tasty tidbits, we will convert a recent Cisco security advisory into a well-formed and valid CVRF document. To close, you are treated to some of the items on the docket for future versions of CVRF. It bears mentioning that this paper is not meant to be an exhaustive explanation of the CVRF schemata. It is a rather capricious, if somewhat disorganized look at some outliers that aren’t fully explained elsewhere. It is assumed the reader has a working knowledge of the Common Vulnerability Reporting Framework and of XML.
Tags: cvrf, security, security automation