The Tool Output Integration Framework (TOIF) is a powerful open source vulnerability detection platform. It allows users to analyze systems, for the purpose of performing defect sightings on a project.
- Reference implementation for standard-based adaptors
- Further CWE normalization of vulnerability reports based on the Software Fault Patterns; adoption of SFPs
- Adoption of standard-based reporting of vulnerabilities
- Utilization of open source development to advance the SwA space
- A common protocol for exchanging vulnerability findings
TOIF includes the following components:
TOIF is based on existing standard protocol for exchanging system facts; the OMG Knowledge Discovery Metamodel (KDM), now ISO/IEC 19506.