NIST launches ‘Bugs Framework’ to promote precision in cyber vulnerability classification

The National Institute of Standards and Technology has released a framework on making information in cybersecurity vulnerability disclosure more precise, as the first step in launching a series of publications aimed at promoting an increased understanding of security failures across the vulnerability management ecosystem.

“The Bugs Framework (BF) is a classification of security bugs and related faults that features a formal language for the unambiguous specification of software and hardware security weaknesses and vulnerabilities,” NIST says in the Tuesday...