22 May 2012

Microsoft Security Updates Now in CVRF Format

Microsoft re-released a set of monthly security updates in CVRF format and submitted it to users’ review, according to a blog post published on the Microsoft Security Response Center. The IT giant takes this step as part of its commitment to address today’s cyber security challenges as a founding member of the Industry Consortium for Advancement of Security in the Internet (ICASI).

CVRF, or Common Vulnerability Reporting Framework, is “an XML-based language that enables different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion,” according to the ICASI web site. Version 1.1 of the CVRF system was released in May 2012, to “fill a major gap in vulnerability standardization”. 

CVRF may not have an immediate utility for home users, who are more likely to set their machines to be updated automatically. This “machine-readable data-markup framework” is intended to eliminate the security bulletin copy/paste tasks that may prove cumbersome for business customers. However, the current bulletin format will run parallel to the CVRF one so that all customers, even those not requiring automation, are still covered.

The CVRF standard is expected to enable IT industry players to provide a faster response to emerging threats.