Skip to content
whbaker edited this page May 1, 2015 · 25 revisions

Over the years, there have been many initiatives to amass and share security incident data, but widespread participation and success have been elusive. While there are quite a few reasons for this, at least part of the problem is the lack of a commonly accepted taxonomy. Such efforts are either paralyzed due to equivocality around what to measure or lose traction when data that are collected offer little value because they are based upon incompatible or inadequate systems of classification.

The Vocabulary for Event Recording and Incident Sharing (VERIS) was designed specifically with this in mind. VERIS is a common language for describing security incidents in a structured and repeatable manner. It is a response to one of the most critical and persistent challenges in the security industry - a lack of quality information. VERIS targets this problem by helping organizations to collect useful incident-related information and to share that information - anonymously and responsibly - with others. The overall goal is to lay a foundation from which we can constructively and cooperatively learn from our experiences to better measure and manage risk.

The data points defined within VERIS don't represent everything one might collect regarding a security incident. Instead, VERIS attempts to strike a balance between usefulness and completeness. If something is interesting from a research standpoint but does not directly provide security management with actionable information, it is likely not included. In certain sections, we identify additional metrics that, while not formally included, might be of interest should users desire to collect them. Done properly, VERIS can create not only a view of what happened in a specific incident, but allow the incident to be viewed in context with a broader body of knowledge.

This wiki supplements the main VERIS JSON schema by providing additional guidance to users and developers. We suggest starting with the VERIS Overview section and proceed as you like from there. You may also want to check out some of the additional resources below.


The VERIS Community Database (VCDB) is an open and free repository of publicly-reported security incidents in VERIS format. You can grab the raw data or use an interactive dashboard.

Verizon's Data Breach Investigations Reports (DBIR) contain statistics from thousands of incidents classified using VERIS, and are available here.

This example input form shows how a web-based survey can be used to record/report security incidents using the VERIS framework in an efficient and repeatable manner. We chose SurveyGizmo simply because it demonstrates that a VERIS-compliant data entry form can be created using off-the-shelf survey tools or any software that allows creation of custom forms.

Clone this wiki locally