Published on February 11th, 2013 | by NJ Ouchn0
vFeed® – The Open Source Correlated & Cross-Linked Vulnerability XML Database “re”started
Back in 2008, i was conducting a bunch of penetration testing and as a security consultant i had to document and to explain every findings and vulnerabilities. As you may expected, CVE is the naming identifier to rely on when it comes to describe a vulnerability. However, the more information you provide about your findings the more reliable your report is. So i found myself fighting to aggregate and correlate CVE alongside with other extra information issued from 3rd parties vendors. The idea came then.
While the emergence of the Open Standard helped undeniably to shape a new structured way to communicate about vulnerabilities (just take a look at http://measurablesecurity.mitre.org/ to be amazed), i’ve started working on a simple all-in-one xml feed that provides every kind of information related to a certain vulnerability (explicitly CVE id).
I called the project vDNA (which means Vulnerability DNA) but later renamed it to vFeed®. (why ®: just because i submitted to INPI (http://www.inpi.fr/) the registration of the concept). vDNA sounds a bit sloppy 😉
vFeed is an Open Source / Open Standard new concept naming scheme that provides extra structured detailed 3rd parties references for a CVE entry.