Press Release

NIEMOpen Initiative for Information Exchange and CSAF Cybersecurity Standard Win OASIS Open Cup Awards

Andrea Caccia, Jason Keirstead, and Vasileios Mavroeidis Named Distinguished Contributors

26 January 2023 — OASIS Open, the international open source and standards consortium, announced the winners of the 2022 Open Cup, which recognizes exceptional advancements within the OASIS technical community. The Open Cup for Outstanding New Initiative was awarded to NIEMOpen, a framework for sharing critical data in justice, public safety, emergency management, intelligence, and security sectors. The Open Cup for Outstanding Approved Standard was awarded to Common Security Advisory Framework (CSAF) v2.0, a widely used open standard for automated security advisories and vulnerability reporting. Also announced were the 2022 OASIS Distinguished Contributors, individuals recognized for their significant impact on the open source and open standards communities: Andrea Caccia, Jason Keirstead, and Vasileios Mavoeidis.

Open Cup Recipients

The 2022 Outstanding New Initiative, NIEMOpen, transitioned to an OASIS Open Project from the U.S. Department of Defense in October. A collaborative partnership between private industry and all levels of governmental agencies, the NIEM framework enables the effective and efficient sharing of critical data as currently demonstrated in the justice, public safety, emergency and disaster management, intelligence, and homeland security sectors. Developing and implementing NIEM-based exchanges allows diverse organizations to leverage existing investments in information systems by building the bridges for interoperability at the data level. NIEMOpen was chosen as the winner in the Outstanding New Initiative category that included finalists Infrastructure Data-Plane Function (IDPF) TC and the Value Stream Management Interoperability (VSMI) TC.

CSAF v2.0, the Outstanding Approved Standard Open Cup recipient, makes it possible for cyber defenders to quickly and automatically assess the impact of vulnerabilities and respond in an automated way. This version of CSAF includes support for the Vulnerability Exploitability Exchange (VEX) profile, which is especially helpful in efficiently consuming software bills of materials (SBOM) data, part of the recent U.S. Executive Order on Improving the Nation’s Cybersecurity. 

CSAF v2.0 was chosen from a group of finalists that included:

Distinguished Contributors

Each year, the Distinguished Contributor designation is awarded to OASIS members who have made significant contributions to the advancement of open standards and/or open source projects. This year’s honorees hail from Italy, Canada, and Norway, and exemplify the global commitment and collaborative spirit that is indicative of OASIS members.

Andrea Caccia is an independent consultant and project manager with extensive experience in standard and regulation compliance, electronic invoicing and archiving, data preservation, e-signatures, trust services, blockchain and DLT. Caccia participates in numerous European standardization groups and activities at the European Telecommunications Standards Institute (ETSI), the European Committee for Standardization (CEN), and the International Organization for Standardization (ISO). At OASIS, Caccia is Chair of the Code List Representation TC and is an active member of the Security Algorithms and Methods (SAM), ebXML Messaging Services, and the Universal Business Language (UBL) TCs.

“I am very grateful and honored for this unexpected award from OASIS, where I have always found outstanding and supportive colleagues. I am also very grateful to the OASIS staff, always ready to facilitate our work,” said Caccia.

Jason Keirstead is an IBM Distinguished Engineer and CTO of Threat Management at IBM Security. He has been involved in open technology for decades, making significant contributions to and serving as maintainer of several major open source projects. Keirstead has served on the OASIS Board of Directors since 2018 and currently serves as Co-Chair of the Open Cybersecurity Alliance (OCA), where he enjoys helping to define cybersecurity interoperability. A longtime OASIS member, Keirstead is actively involved in numerous Board Committees and Subcommittees, as well as the Cyber Threat Intelligence (CTI), CSAF, and Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TCs.

“I am both proud and humbled to accept this award. Openness and interoperable standards are what created the internet as we know it, as well as the foundations for all the critical technologies we rely on every day,” said Jason Keirstead. “As technologists, it is important that we continue to build upon that tradition of technology openness and thoughtful collaboration, for the greater good of society – and I feel privileged to have been able to help in those efforts.”

Vasileios Mavroeidis, PhD, a scientist and professor of cybersecurity at the University of Oslo, specializes in the domains of automation and cyber threat intelligence representation, reasoning, and sharing. Mavroeidis is actively involved in European and national research and innovation projects that enhance the cybersecurity capacity of EU authorities and operators of essential services. Since 2021, he has been an appointed member of the European Union Agency for Cybersecurity (ENISA) ad hoc working group on Cyber Threat Landscapes and the Cybersecurity Playbooks task force. Mavroeidis is focused on cybersecurity standardization efforts and has extensive involvement in OASIS. He is currently serving as Chair of the Threat Actor Context (TAC) TC and Secretary of the CACAO TC. In addition, he is engaged in the CTI and the Open Command and Control (OpenC2) TCs.

Mavroeidis said, “First and foremost, I want to thank OASIS for naming me a Distinguished Contributor. It is an award I welcome. I’m a great believer in the value of OASIS standardization activities and their role in enhancing and supporting the European Union’s cybersecurity capacity. My involvement in OASIS has been a rewarding journey, and I look forward to further contributing to the advancement of cybersecurity standardization.”

OASIS congratulates this year’s winners and nominees and thanks them for their willingness to share their time and expertise to help advance OASIS’ work.

About OASIS Open

One of the most respected, nonprofit open source and open standards bodies in the world, OASIS advances the fair, transparent development of open source software and standards through the power of global collaboration and community. OASIS is the home for worldwide standards in cybersecurity, blockchain, privacy, IoT, AI, cryptography, cloud computing, emergency management, and other technologies. Many OASIS standards go on to be ratified by de jure bodies and referenced in international policies and government procurement. 

Media inquiries: