
Common Security Advisory Framework Version 2.0 OASIS Standard is now published
The definitive reference for security advisories expressed in JSON is now published and available
OASIS is pleased to announce the publication of its newest OASIS Standard, approved by the members on 18 November 2022:
Common Security Advisory Framework Version 2.0
OASIS Standard
18 November 2022
This OASIS Standard is the definitive reference for the language elements of CSAF version 2.0. The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON.
The term Security Advisory describes any notification of security issues in products to or from product vendors, Product Security Incident Response Teams (PSIRTs), product resellers and distributors, and others. The focus of the term is on the security aspect impacting specific product-platform-version combinations. Developers of security scanning tools in particular are likely to find CSAF files most useful.
The TC received 3 Statements of Use, from Oracle Corporation, TIBCO Software Inc., and the Federal Office for Information Security (BSI) Germany.
URIs
The components of the standard can be found at:
Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.md
HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html
PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.pdf
JSON schemas
Aggregator:
https://docs.oasis-open.org/csaf/csaf/v2.0/os/schemas/aggregator_json_schema.json
CSAF:
https://docs.oasis-open.org/csaf/csaf/v2.0/os/schemas/csaf_json_schema.json
Provider:
https://docs.oasis-open.org/csaf/csaf/v2.0/os/schemas/provider_json_schema.json
For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.zip
Our congratulations to the members of the CSAF TC on achieving this outstanding milestone.