OASIS Common Security Advisory Framework (CSAF) TC


OASIS-csaf@ConnectedCommunity.org

Contacts

Chair: Omar Santos, Cisco Systems
osantos@cisco.com

OASIS Staff Contact: Kelly Cullinane
OASIS
kelly.cullinane@oasis-open.org

Description

Standardizing automated disclosure of cybersecurity vulnerability issues

Group Notes



Announcements

Common Security Advisory Framework Version 2.0 OASIS Standard is now published. For details, see the announcement.

The press release announcing the approval of CSAF v2.0 as an OASIS Standard is available now. You can read it here.

Common Security Advisory Framework v2.0 Committee Specification 03 has been approved and published. See the details in the announcement.

Common Security Advisory Framework v2.0 Committee Specification 02 has been approved and published. See the details in the announcement.

Common Security Advisory Framework v2.0 is now approved as an OASIS Committee Specification. See the details in the announcement.

CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is approved as an OASIS Committee Specification. For details, see the announcement.

See press release: OASIS Awards 2017 Open Standards Cup to TOSCA for Cloud Portability and to CSAF for Cybersecurity Disclosure

Participation in the OASIS CSAF TC is open to all interested parties. Contact join@oasis-open.org for more information.


Overview

The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects its primary purpose: a Common Security Advisory Framework (CSAF). TC deliverables are designed to standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time.

For more information on the CSAF TC, see the TC Charter.


Officers

  • Chair: Omar Santos (Cisco)


TC Tools and Approved Publications


    Technical Work Produced by the Committee

    Common Security Advisory Framework Version 2.0. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 18 November 2022. OASIS Standard. https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.

    Common Security Advisory Framework Version 2.0. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 01 August 2022. OASIS Committee Specification 03. https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.

    Common Security Advisory Framework Version 2.0. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 29 June 2022. OASIS Committee Specification 02. https://docs.oasis-open.org/csaf/csaf/v2.0/cs02/csaf-v2.0-cs02.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.

    Common Security Advisory Framework Version 2.0. Edited by Langley Rock, Stefan Hagen, and Thomas Schmidt. 12 November 2021. OASIS Committee Specification 01. https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html. Latest stage: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html.

    CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 Committee Specification 01. 13 September 2017, Formats: HTML, PDF (Authoritative).


    OASIS TC Open Repositories Sponsored by the Committee

    OASIS TC Open Repositories:

    • csaf-documentation: GitHub repository for management of non-normative information about the work of the CSAF Technical Committee, including documentation (https://oasis-open.github.io/csaf-documentation/)

    • csaf-parser: CSAF Parser tool for parsing and checking the syntax of the Common Vulnerability Reporting Framework (CVRF) content


    Expository Work Produced by the Committee

    There are no approved expository work products for this TC yet.


    External Resources

    Although not produced by the OASIS CSAF TC, the following information offers useful insights into its work.

    External resources have not yet been identified.


    Mailing Lists and Comments

    csaf: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members (http://www.oasis-open.org/committees/membership.php?wg_abbrev=csaf) are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.

    csaf-comment: a public mailing list for providing feedback on the technical work of the OASIS CSAF TC. Send a comment or view the OASIS comment list archives (http://lists.oasis-open.org/archives/csaf-comment/), also mirrored by MarkLogic at MarkMail.org.


    Press Coverage and Commentary


    What is the Common Security Advisory Framework (CSAF)? Watch this video to find out. 

     
