A few months ago, Cisco announced a new format for disclosing vulnerabilities. The PSIRT vulnerability disclosure format was intended to make it easier for system administrators to remain informed about vulnerabilities in Cisco’s products, which are used in data centers all over the world. This month, the company announced an API to make that information available in a machine-consumable format that can be easily integrated into dashboards and other internal security monitoring tools.
Cisco is far from the first company to make vulnerability details available via an API — CVEDetails allows users to access its vulnerability database via a JSON API — but it’s an interesting move that will hopefully allow system administrators to be better informed about and more reactive to vulnerabilities in data center hardware and software.
System administrators have a huge amount of information to track if they’re to stay on top of security information relevant to their job. If the information they need is kept in silos spread across the web, the likelihood of pertinent information being missed is high.
The average server or network administrator in a web hosting company has to keep themselves apprised of vulnerability information from numerous sources concerning hardware and software from routers to operating systems and from web servers to content management systems. Most do a great job, but if all vulnerability data were made available via a set of open APIs, it would be easier to build systems that feed relevant data to the right people without them having to trawl through huge amounts of irrelevant noise.
For large-scale infrastructure deployments, it’s crucial that administrators and managers act quickly to patch vulnerabilities, and to do that they need to be able to identify which infrastructure is vulnerable. Open vulnerability APIs have the potential to empower data center providers and web hosts to build software systems that could automatically ingest vulnerability data, compare it to infrastructure deployment records, and inform sysadmins of what needs patching and where it is located. Open APIs can facilitate the patch management process and enhance security. The potential exists to increase automation even further, with systems that automatically apply relevant patches based on information pulled from APIs.
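The comparison step described above, sketched as an added example (it is not code from Cisco or from this article): advisories are matched against deployment records and the affected hosts are grouped by location. The advisory IDs, product names, hosts and field names are constructed for illustration and do not reflect the schema of Cisco's API or any other vendor's feed.

```python
from collections import defaultdict

# Constructed advisory feed. Field names are assumptions for illustration,
# not the schema of any vendor's API.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "product": "examplerouter-os", "fixed_in": "15.2.4", "severity": "critical"},
    {"id": "EXAMPLE-ADV-002", "product": "exampleswitch-os", "fixed_in": "7.0.3", "severity": "medium"},
    {"id": "EXAMPLE-ADV-003", "product": "examplefirewall-os", "fixed_in": "9.1.0", "severity": "high"},
]

# Constructed deployment records (what runs where).
INVENTORY = [
    {"host": "edge-rtr-01", "site": "dc-east/row4", "product": "ExampleRouter-OS", "version": "15.2.1"},
    {"host": "edge-rtr-02", "site": "dc-west/row1", "product": "examplerouter-os", "version": "15.2.4"},
    {"host": "core-sw-07", "site": "dc-east/row2", "product": "exampleswitch-os", "version": "7.0.10"},
    {"host": "core-sw-09", "site": "dc-west/row3", "product": "exampleswitch-os", "version": "7.0.2"},
    {"host": "fw-01", "site": "dc-east/row1", "product": "examplefirewall-os", "version": "9.0-custom"},
    {"host": "lb-03", "site": "dc-west/row3", "product": "exampleproxy", "version": "2.8.1"},
]

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def correlate(advisories, inventory):
    """Return (to_patch, to_review), each mapping site -> [(host, advisory id, severity)]."""
    by_product = defaultdict(list)
    for adv in advisories:
        by_product[adv["product"].lower()].append(adv)
    to_patch, to_review = defaultdict(list), defaultdict(list)
    for rec in inventory:
        for adv in by_product.get(rec["product"].lower(), []):
            running, fixed = parse_version(rec["version"]), parse_version(adv["fixed_in"])
            entry = (rec["host"], adv["id"], adv["severity"])
            if running is None or fixed is None:
                to_review[rec["site"]].append(entry)  # undecidable: never assume patched
            elif running < fixed:  # numeric compare, so 7.0.10 is newer than 7.0.3
                to_patch[rec["site"]].append(entry)
    return dict(to_patch), dict(to_review)

if __name__ == "__main__":
    patch, review = correlate(ADVISORIES, INVENTORY)
    for label, result in (("PATCH", patch), ("REVIEW", review)):
        for site, items in sorted(result.items()):
            for host, adv_id, severity in items:
                print(f"{label:6} {site:14} {host:12} {adv_id} ({severity})")
```

Hosts whose version string cannot be parsed land in the review list instead of being treated as patched, which keeps a malformed inventory record from hiding an exposed device.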
Making data available in a machine-readable format could also improve the state of automation in security testing. Many pentesters and security experts rely on vulnerability scanners like Nessus to investigate the security of networks. Open API data can help scanner manufacturers keep their tools up-to-date with the most recent vulnerabilities.
A move towards providing vulnerability data through open APIs is welcome, and we can only hope that more companies get on board. Better information, delivered more quickly, will help web hosting and data center providers keep their users safe.