Tools Output Integration Framework (TOIF)

TOIF is a publicly available specification published by Object Management Group (OMG). The KDM Analytics product suite leverages this specification.

The specification defines a common format for normalizing vulnerability reporting protocols with the following key goals:

Creating bases for composite vulnerability analysis tools on top of existing off-the-shelf vulnerability detection tools
Improving the breadth and accuracy of vulnerability analysis
Improving the rigor of assessments by bringing vulnerability detection into architecture context