OASIS Common Security Advisory Framework (CSAF) TC

First revision of CSAF CVRF v1.2 CSD01 WD01 (2017-03-10) available

  • 1.  First revision of CSAF CVRF v1.2 CSD01 WD01 (2017-03-10) available

    Posted 03-10-2017 22:58
    Dear members,

    a few minutes ago I pushed the 2017-03-10 edition of the first revision to CSAF CVRF v1.2 CSD01 WD01 to Kavi and GitHub. Please take some time before the next TC meeting to have a look at it and give feedback. The "CVRF 1.2" is the prose document and the content of the schemas folder (as referenced on the title page).

    Things on my TODO list (time-boxed processing):

    1) Produce the additional visuals - esp. in the Vulnerability section
    2) Enhance the resolution of these visuals, so the character content remains readable
    3) Make another pass through the prose to weed out resilient (or newly introduced) errors - where we deviate from the schema-given rules.
    4) Esp. receive feedback from authors of the "used" constructs like SCAP, CPE, and CVSS - like Dave, Harold, Karen, ... ;-)
    5) Receive special feedback on the already embedded change suggested by Art that makes the CVSSScoreSets element less educational, but more open for producers that have not yet migrated to CVSS version 3
    6) Special feedback from Feng for the changes in the schema files - mostly namespace nits, removal of unneeded referrals/imports
    7) I would also really enjoy feedback from those members that operate tools - producing or consuming - massive amounts of such SA's to get a feeling if there are things we did not consider, as many practical problems only surface in the light of implementation and production practice.
    8) Revisit all examples to be in the same style (I intentionally changed some to namespace-qualified style, while most I left as is, unqualified).
    9) Define additional full document examples for the appendix and as noted / sketched there already.

    All the best,
    Stefan.