An open format for describing vulnerabilities within a target system. It standardizes models for analyzing vulnerabilities and presenting basic information about the system being investigated. The report provides a comprehensive overview of the issue — a description of the initial configuration, CVEs, detection methods, and links to patches. The result of the data formalization is a processable XML file.