The Log4j vulnerability that affected so many in the energy industry has highlighted the need to automate software vulnerability reporting by software vendors and enable software consumers to rapidly perform risk assessments whenever a new software vulnerability is reported. The existing "Security Bulletin", "read em and weep" approach is too inefficient, leaving our critical infrastructures vulnerable to cyber breaches over long periods of time. Automation is key to success - the only problem is "which vulnerability reporting format to use"? This article describes the various options available to report software vulnerabilities.
Richard "Dick" Brooks
Expert Member
Top Contributor