http://cert.uni-stuttgart.de/files/caif/requirements/split/requirements.htmlThere are a couple proposals out there, but I don't think they've gotten as much attention as they deserve:
Common Advisory Interchange Format
Advisory and Notification Markup Language (ANML) http://www.opensec.org/anml/
I would also add to the list the
EISPP Common Advisory Format Description”, (EISPP-D3-001-TR), version 1.2, 28 march 2003 http://www.eispp.org/commonformat.pdf
Even if this one is slightly biased towards CERTs it could be used by vendors too.
Regards
Javier Fernandez-Sanguino
