VEDEF WG- Vulnerability and Exploit Description and Exchange Format Working Group

Aims: The free exchange of information on new Vulnerability and Exploit amongst responsible Vendors, Computer Security Incident Response Teams (CSIRTs), and their user communities is crucial to incident prevention.

The Task Force will define a unified way of conveying vulnerability and exploit information in a structured manner, based on the same XML concepts as IODEF. It will produce a document describing the high-level functional requirements of a data format for collaboration between vendors, CSIRTs and end-users, a specification of the extensible vulnerability and/or exploit data language that describes the data formats that satisfy the requirements, guidelines for implementing the chosen data format, and a set of sample vulnerability and/or exploit reports and their associate representation in the data language.

Resources

Presentations about VEDEF in the TF-CSIRT meetings