Skip to Main Navigation Skip to Content

Automate to Rapidly Prioritize and Quantify Cyber Risk

Tools Output Integration Framework (TOIF)

TOIF is a publicly available specification published by Object Management Group (OMG). The KDM Analytics product suite leverages this specification.

The specification defines a common format for normalizing vulnerability reporting protocols with the following key goals:

  • Creating bases for composite vulnerability analysis tools on top of existing off-the-shelf vulnerability detection tools
  • Improving the breadth and accuracy of vulnerability analysis
  • Improving the rigor of assessments by bringing vulnerability detection into architecture context

You can access the full spec here: https://www.omg.org/spec/TOIF/1.3/PDF