Tools Output Integration Framework (TOIF)
TOIF is a publicly available specification published by the Object Management Group (OMG). The KDM Analytics product suite leverages this specification.
The specification defines a common format for normalizing vulnerability reporting protocols with the following key goals:
- Creating a basis for composite vulnerability analysis tools built on top of existing off-the-shelf vulnerability detection tools
- Improving the breadth and accuracy of vulnerability analysis
- Improving the rigor of assessments by bringing vulnerability detection into an architecture context
You can access the full spec here: https://www.omg.org/spec/TOIF/1.3/PDF