Cisco provides a choice of ways to learn about the security vulnerabilities it reports. Users and administrators can check Cisco's security page. They can subscribe to a mailing list, an RSS feed, or a notification service. The most versatile option is the PSIRT OpenVuln API. It's lets organizations run applications to monitor and respond to vulnerabilities in customized ways. They can use existing applications or create their own.
In creating OpenVuln, Cisco is aiming not only to present information in more adaptable ways, but to encourage the development of open security automation standards.
OpenVuln lets a custom application get the latest information through a REST API. RESTful queries are equivalent to HTTP URLs, so an application can use Web-related code libraries to do much of the work. The information can come back in XML or JSON format, following five standards:
-
CVE, Common Vulnerabilities and Exposures.
-
CVSS, Common Vulnerability Scoring System.
-
CVRF, Common Vulnerability Reporting Framework.
-
OVAL, Open Vulnerability and Assessment Language (only for Cisco IOS advisories).
-
CWE, Common Weakness Enumeration.
