-
Notifications
You must be signed in to change notification settings - Fork 164
Home
Over the years, there have been many initiatives to amass and share security incident data, but widespread participation and success have been elusive. While there are quite a few reasons for this, at least part of the problem is the lack of a commonly accepted taxonomy. Such efforts are either paralyzed due to equivocality around what to measure or lose traction when data that are collected offer little value because they are based upon incompatible or inadequate systems of classification.
The Vocabulary for Event Recording and Incident Sharing (VERIS) was designed specifically with this in mind. VERIS is a common language for describing security incidents in a structured and repeatable manner. It is a response to one of the most critical and persistent challenges in the security industry - a lack of quality information. VERIS targets this problem by helping organizations to collect useful incident-related information and to share that information - anonymously and responsibly - with others. The overall goal is to lay a foundation from which we can constructively and cooperatively learn from our experiences to better measure and manage risk.