Google Proposes An Open-Source Vulnerability Interchange Schema

Written by Michael Larabel in Linux Security on 24 June 2021 at 09:15 AM EDT. 5 Comments
As part of Google's latest work on trying to enhance open-source software security, months after starting their own open-source vulnerability database they are now looking to push an open-source vulnerability interchange schema to make it easier to exchange information on vulnerabilities and making it easier for automated analysis.

Google hopes this will be adopted as a unified vulnerability schema used by open-source projects for relaying details about vulnerabilities. In large part the emphasis on this schema is to make it easier for automated analysis and processing while the JSON-based format can be converted into human-friendly output as well with ease.

Here's a look at the design in its near-finalized state.

Google has been working with projects like Go, Rust, Python, and their own OSS-Fuzz for supporting this schema as they work towards finalizing it.

More details on Google's open-source vulnerability schema can be found via the Google Security blog.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week