Hello All, I'd like to bring to your attention the Vulnerabilities and eXposures Markup Language (VuXML) and associated resources. VuXML is a markup language designed for the documentation of security issues within a single package collection. Since about February of this year, we have been diligently documenting vulnerabilities in FreeBSD and the FreeBSD Ports Collection using VuXML. The Project's VuXML document is maintained in the FreeBSD repository, path ports/security/vuxml/vuln.xml. Any FreeBSD committer may make updates to this file. The FreeBSD security officer acts as editor. The contents of the FreeBSD Project VuXML document is made available in a human-friendly format at <URL:http://vuxml.freebsd.org/>. There one may browse issues by date, package name, CVE name, and so forth. In addition, an RSS feed is available at <URL:http://www.vuxml.org/freebsd/rss.xml>, allowing one to keep informed using an RSS reader such as Straw. Some tools that use VuXML are available in the FreeBSD Ports Collection. `vxquery' (ports/security/vxquery) is a simple command line tool that parses the VuXML document directly. `portaudit' (ports/security/portaudit) uses a `distilled' version of the FreeBSD VuXML document to report which of your installed ports may be affected by security issues, as well as providing additional warnings when attempting to install ports. A mailing list has been established for the discussion of VuXML, <freebsd-vuxml@FreeBSD.org>. This is a forum for discussing: - VuXML itself, including the DTD and its evolution - entries in the FreeBSD VuXML document, including new submissions, corrections, and style issues - VuXML usage and tools - the VuXML web site (www.vuxml.org and vuxml.freebsd.org) To subscribe to the mailing list, visit <URL:http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml> or send a subscription request to <freebsd-vuxml-request@FreeBSD.org>. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org As a postscript, I'm also happy to say that the OpenBSD Ports & Packages collection has adopted VuXML for documenting issues as well. See the announcement at <URL:http://undeadly.org/cgi?action=article&sid=20040415123423>; the human-friendly contents at <URL:http://www.vuxml.org/openbsd/>; or the RSS feed at <URL:http://www.vuxml.org/openbsd/rss.xml>. The OpenBSD VuXML document is currently maintained in Robert Nagy's private repository.