Bill of Vulnerabilities (BOV)

 

Share vulnerability data between systems and sources of vulnerability intelligence

CycloneDX BOMs may consist solely of vulnerabilities, thus can be used to share vulnerability data between systems and sources of vulnerability intelligence. Complex vulnerability data can be represented including:

  • Source of vulnerability intelligence
  • References to other sources of intelligence containing the same vulnerability
  • Multiple severity and/or risk ratiings
  • Complete vulnerability details and recommendations
  • Organizations and individuals credited with discovery
  • Affected software and their versions

Advisory Format

CycloneDX is also an ideal advisory format, thus providing a common standard and tool chain for BOM and advisory information. A BOV which additionally contains the analysis of the vulnerability along with a metadata reference to the component itself provides the details necessary for full-featured advisory use cases.

High-Level Object Model

CycloneDX Object Model Swimlane

See also

Additional Capabilities

CycloneDX Supporters

Apiiro
Bloomberg
Contrast Security
Ecma International
Fortress Information Security
IBM
IonChannel
Kondukto
Lockheed Martin
NowSecure
OWASP
Rezilion
ServiceNow
Sonatype