Given the ubiquity and scope of security vulnerabilities across all types of digital products, IT professionals receive regular security advisories that require action. On December 14, Cisco released a new API that makes consuming these security advisories simpler and faster, with the aim of better management of security flaws, according to a recent article by Sean Michael Kerner for eWeek.
The openVuln API is a project by Cisco's Product Security Incident Response Team (PSIRT) seeking to make it easier to understand the impact of regular security advisories. ProgrammableWeb writer Patricia Robles recently discussed the type of detailed information held in the advisories and how the API can be integrated to streamline the locating and assessing of security threats.
The new API is an extension of the PSIRT’s efforts to improve the disclosure of security information in a move that aims to encourage the entire IT industry to embrace a broader use of security automation standards. These include Open Vulnerability and Assessment Language (OVAL) and the driving force behind the new API, the Common Vulnerability Reporting Framework (CVRF).
The openVuln API is a REST API that serves machine-readable content containing details about vulnerabilities and associated risks relative to specific versions and configurations. The API also works with the OpenSCAP tool for consuming OVAL information.
Cisco also highlighted how other security vendors can leverage the information from the openVuln API, nurturing an open policy toward security disclosure automation across the IT industry. Encouraging more vendors to adopt security automation standards will pave the way for the automatic exchange of vulnerability information, allowing integration with technologies like threat intelligence and indicators of compromise in the future.