Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)

Mission

VRDX-SIG is primarily chartered to research and recommend ways to identify and exchange vulnerability information across disparate vulnerability databases.

Vulnerability databases have different scopes, areas of coverage, identification systems, data schemes, feeds, and supporting languages. These differences make it difficult to track and respond to vulnerability reports. By studying existing practices, the SIG seeks to develop recommendations on how to better identify, track, and exchange vulnerability information across disparate vulnerability databases.

Goals

During the first phase (2013-2015), the SIG surveyed vulnerability databases and ID systems, started development of a vulnerability database catalog, and presented on the major issues surrounding vulnerability ID systems, namely abstraction, duplication, and coverage. For the second phase, starting in 2015, the SIG will work towards the following goals.

Planned Meetings