Proposal of RSS Extension for Security Information Exchange

Unauthorized access intending to spread malware has been active and causing a lot of damage worldwide. In order to eliminate vulnerabilities and prevent unauthorized access, it is necessary to improve the way to distribute security information about computer software and hardware. When a new vulnerability is discovered or a security advisory is released, the security administrators try to collect information about and countermeasures against the vulnerability. In this paper, we examines how we can provide a more efficient security information distribution service for the security administrators that helps them reduce their workload related to collecting and grouping various information and take care of security incidents.

We propose JVNRSS (JP Vendor Status Notes RSS) as a security information sharing and exchanging specification. Currently, JPCERT/CC and IPA (Information-technology Promotion Agency) are promoting a framework to handle vulnerability information in Japan.

They offer JVN, a portal site to provide security information about the domestic computer software and hardware manufactured by the vendors participating in the framework. JVNRSS is one of the methods JVN has been using to distribute security information. JVNRSS is based on RSS 1.0 and uses the "dc:relation" field defined in the Dublin Core as a Relational ID to correlate security information issued by various sources (Figure 1). JVNRSS uses the reference URL specified in a security alert, for example, an URL of the Common Vulnerability Exposure, CERT Advisory, CERT Vulnerability Note and CIAC Bulletin. In this paper, firstly we explain the specification and application of JVNRSS. Secondly, we'll introduce the result of our feasibility study on JVNRSS (Figure 2) and lastly we'll propose the RSS Extension for security information sharing.