Avatar

Cisco PSIRT openVuln APIIn October, we announced details about Cisco PSIRT’s new and improved security vulnerability disclosure format. Our Chief Security and Trust Officer, John Stewart, also revealed that Cisco will launch an application programming interface (API) that empowers customers to customize Cisco vulnerability information and publications. Today, we have officially launched the Cisco PSIRT openVuln API and it is available for immediate use.

The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF)Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, and the Common Vulnerability Scoring System (CVSS).

openVulnSupportedStandards

This API allows technical staff and programmers to build tools that help them do their job more effectively. In this case, it enables them to easily keep up with security vulnerability information specific to their network. That frees up more time for them to manage their network and deploy new capabilities in their infrastructure.

The API also allows Cisco customers and partners to leverage OVAL definitions and CVRF data to set up rules for the automated assessment of their own networks. It further simplifies the evaluation process and reduces the time between when a vulnerability is announced and the fix is actually implemented. That means less risk for them and their own customers tied to open vulnerabilities.

We’ve created the following video tutorial to help customers and partners get started.

You can also find technical details and information about the Cisco PSIRT openVuln API  at the new  Cisco PSIRT DevNet site. We know you’ll want to actively engage to learn more, so we have also created a DevNet developer community  where users can get additional technical content, collaborate with peers, exchange sample code, and ask questions.



Authors

Omar Santos

Distinguished Engineer

Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations