OASIS Common Security Advisory Framework (CSAF) TC

Join TC     TC Page     Send a comment to this TC

Standardizing automated disclosure of cybersecurity vulnerability issues

Omar Santos, os@cisco.com, Chair
Stefan Hagen, stefan@hagen.link, Secretary

Table of Contents


Announcements

See press release: OASIS Advances Standard for Automated Disclosure of Cybersecurity Vulnerability Issues; Cisco, EclecticIQ, FireEye, Hitachi, IBM, Intel, LookingGlass, NIST, NC4, Oracle, Red Hat, SafeNet, TELUS, VeriSign, Center for Internet Security, CERT/CC, US DHS, and Others Define Common Security Advisory Framework (CSAF).

Participation in the OASIS CSAF TC is open to all interested parties. Contact join@oasis-open.org for more information.


Overview

The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects the primary purpose: a Common Security Advisory Framework (CSAF). TC deliverables are designed standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time.

For more information on the CSAF TC, see the TC Charter.


Officers

  • Chair: Omar Santos ( Cisco)
  • Secretary: Stefan Hagen (Individual)


Subcommittees

No subcommittees have been formed for this TC.


TC Liaisons

No TC Liaisons have been announced for this TC.


TC Tools and Approved Publications


Technical Work Produced by the Committee

CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2”, Committee Specification Draft 01 / Public Review Draft 01, 31 May 2017, Formats: HTML, PDF (Authoritative); The public review started 21 June 2017 at 00:00 UTC and ends 20 July 2017 at 23:59 UTC.


OASIS Open Source Repositories Sponsored by the Committee

This Committee has not created any Open Repositories yet.


Expository Work Produced by the Committee

There are no approved expository work products for this TC yet.


External Resources

Although not produced by the OASIS CSAF TC, the following information offers useful insights into its work.

External resources have not yet been identified.


Mailing Lists and Comments

csaf: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.

csaf-comment: a public mailing list for providing feedback on the technical work of the OASIS CSAF TC. Send a comment or view the OASIS comment list archives, also mirrored by MarkLogic at MarkMail.org.


Press Coverage and Commentary


Additional Information


Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.