ICASI
ICASI is the organization responsible for the Common Vulnerability Reporting Framework. The NIST Common Vulnerability Enumeration (CVE) can be (and is) expressed in CVRF, but the CVRF is a superset of the CVE which is to say that there are more fields and information available in CVRF than in the CVE. There is industry support for the CVRF by several larger vendors even though I am uncertain how frequently the CVRF is used in the workflow of downstream security professionals.
ICASI CVRF (official references)
CVRF External References
Cisco - Michael Schiffman
The Missing Manual: CVRF 1.1 Part 1 of 2
The Missing Manual: CVRF 1.1 Part 2 of 2
Tools of the Trade: cvrfparse
Cisco CVRF Repository
Microsoft
Microsoft security updates and the Common Vulnerability Reporting Framework
Microsoft Security Bulletin Data (download link)
Oracle
Use of the Common Vulnerability Reporting Format (CVRF) for Oracle's Security Advisories
"The advisory in the CVRF format can be found in the 'references' section of each [CPU] advisory."
http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1932662.xml (RSS)
RedHat
Red Hat and CVRF compatibility
Sample Red Hat Security Advisory in CVRF 1.1 format
CVRF definitions for Red Hat security advisories (data files)
IBM
IBM Security Bulletins
Keeping up with security
Security Bulletin: Potential Security exposures with WebSphere Application Server (CVE-2014-4770 and CVE-2014-4816) (sample bulletin)
MITRE CVE
CVE Usage of CVRF
Download CVE in CVRF format
ICASI is the organization responsible for the Common Vulnerability Reporting Framework. The NIST Common Vulnerability Enumeration (CVE) can be (and is) expressed in CVRF, but the CVRF is a superset of the CVE which is to say that there are more fields and information available in CVRF than in the CVE. There is industry support for the CVRF by several larger vendors even though I am uncertain how frequently the CVRF is used in the workflow of downstream security professionals.
ICASI CVRF (official references)
CVRF External References
Cisco - Michael Schiffman
The Missing Manual: CVRF 1.1 Part 1 of 2
The Missing Manual: CVRF 1.1 Part 2 of 2
Tools of the Trade: cvrfparse
Cisco CVRF Repository
Microsoft
Microsoft security updates and the Common Vulnerability Reporting Framework
Microsoft Security Bulletin Data (download link)
Oracle
Use of the Common Vulnerability Reporting Format (CVRF) for Oracle's Security Advisories
"The advisory in the CVRF format can be found in the 'references' section of each [CPU] advisory."
http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1932662.xml (RSS)
RedHat
Red Hat and CVRF compatibility
Sample Red Hat Security Advisory in CVRF 1.1 format
CVRF definitions for Red Hat security advisories (data files)
IBM
IBM Security Bulletins
Keeping up with security
Security Bulletin: Potential Security exposures with WebSphere Application Server (CVE-2014-4770 and CVE-2014-4816) (sample bulletin)
MITRE CVE
CVE Usage of CVRF
Download CVE in CVRF format
