VERIS Community

A resource for learning about the VERIS framework

User Tools

Site Tools


The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS is a response to one of the most critical and persistent challenges in the security industry - a lack of quality information. VERIS targets this problem by helping organizations to collect useful incident-related information and to share that information - anonymously and responsibly - with others. The overall goal is to lay a foundation from which we can constructively and cooperatively learn from our experiences to better measure and manage risk.

This site serves as a central hub for all things VERIS. On it, you will find information and resources for leveraging VERIS in your organization as well as interacting with the growing community of users. We hope you'll become part of that community, and help build a set of valuable information that benefits us all.

VERIS Resources

overview: A brief summary of VERIS and what it can do for you.

schema: The latest VERIS schema files are available on GitHub. We moved from beta to v1 in Jan 2013 (currently in json format) and will be maintaining a regular update schedule from this time forward (probably annually or bi-annually).

documentation: This wiki is the primary source of supporting documentation pertaining to the VERIS Community schema. When the current update process is complete, it will provide additional guidance and commentary on the schema and its use.

data: The VERIS Community Database (VCDB) is an open and free repository of publicly-reported security incidents in VERIS format. You can grab the raw data or use an interactive dashboard.

publications: We encourage those using VERIS to share incidents and/or publish their findings with the community. Those we know of are listed below (If this list looks short, that's because it is; wanna help us extend it?).

  • Verizon's Data Breach Investigations Reports (DBIR) contain statistics from thousands of incidents classified using VERIS, and are available here.

interact: We know mailing lists have lost much of their former glory, but they're still a pretty good way to interact with a large group. VERIS has one, and you can sign up here

assistance: If you need to directly contact those responsible for developing and overseeing VERIS, send an email to admin {at} veriscommunity {dot} net.

start.txt ยท Last modified: 2014/03/31 11:55 by wbaker