OASIS Common Security Advisory Framework (CSAF) TC

 View Only
  • 1.  CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is now a Committee Specification

    Posted 09-20-2017 21:45
    OASIS Members and other interested parties, We are pleased to announce the publication of CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2, the first approved specification from the members of the OASIS Common Security Advisory Framework (CSAF) TC. CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 Committee Specification 01 13 September 2017 CVRF is a language to exchange Security Advisories and provide for greater interoperability among products by ensuring that machine-readable security advisories can be produced and consumed much more broadly. The specification builds on the Common Vulnerability Reporting Framework (CVRF) 1.1 which was initiated by ICASI, the Industry Consortium for Advancement of Security on the Internet and contributed to OASIS. For more information on CVRF and the CSAF TC, see the press release at https://www.oasis-open.org/news/pr/oasis-advances-standard-for-automated-disclosure-of-cybersecurity-vulnerability-issues This is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation. The prose specifications and related files are available here: PDF (Authoritative): http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.pdf HTML: http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html Editable source: http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.docx XML schemas:  http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/schemas/ Distribution ZIP file For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here: http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.zip Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above. Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work. ========== Additional references: [1] OASIS Common Security Advisory Framework (CSAF) TC https://www.oasis-open.org/committees/csaf/ [2] Public reviews:  - 30-day public review, 21 June 2017: https://lists.oasis-open.org/archives/members/201706/msg00007.html   - Comment resolution log:    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/csprd01/csaf-cvrf-v1.2-csprd01-comment-resolution-log.txt [3] Approval ballot:  https://www.oasis-open.org/committees/ballot.php?id=3121 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393 


  • 2.  Re: [csaf-comment] CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is now a Committee Specification

    Posted 09-20-2017 22:00




    Thank you Chet for all your support!
     
    To the TC members,
     
    This is a great accomplishment! Thank you all for your continuous collaboration and participation.

    Special thanks to Stefan Hagen for almost single-handedly creating all the documentation and editorial tasks and Feng Cao for your technical contributions.
     
    Now to a great start on the 2.0 major release. We have a lot of work ahead of us.
     


    Regards,


     


    Omar Santos


    PSIRT, Security Research and Operations


    Cisco Systems, Inc.


    Email:  os@cisco.com


    PGP Key: 0x3AF27EDC
     

    From: <csaf-comment@lists.oasis-open.org> on behalf of Chet Ensign <chet.ensign@oasis-open.org>
    Date: Wednesday, September 20, 2017 at 5:44 PM
    To: "tc-announce@lists.oasis-open.org" <tc-announce@lists.oasis-open.org>, "members@lists.oasis-open.org" <members@lists.oasis-open.org>, "csaf@lists.oasis-open.org" <csaf@lists.oasis-open.org>, "csaf-comment@lists.oasis-open.org" <csaf-comment@lists.oasis-open.org>
    Subject: [csaf-comment] CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is now a Committee Specification


     



    OASIS Members and other interested parties,


     


    We are pleased to announce the publication of CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2, the first approved specification from the members of the OASIS Common Security Advisory Framework (CSAF) TC.


     


    CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2


    Committee Specification 01


    13 September 2017


     


    CVRF is a language to exchange Security Advisories and provide for greater interoperability among products by ensuring that machine-readable security advisories can be produced and consumed much more broadly. The specification builds on
    the Common Vulnerability Reporting Framework (CVRF) 1.1 which was initiated by ICASI, the Industry Consortium for Advancement of Security on the Internet and contributed to OASIS.


     


    For more information on CVRF and the CSAF TC, see the press release at

    https://www.oasis-open.org/news/pr/oasis-advances-standard-for-automated-disclosure-of-cybersecurity-vulnerability-issues


     


    This is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.


     


    The prose specifications and related files are available here:


     


    PDF (Authoritative):


    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.pdf


     


    HTML:


    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html


     


    Editable source:


    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.docx


     


    XML schemas: 


    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/schemas/


     


    Distribution ZIP file


     


    For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:


     


    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.zip


     


    Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the
    document is now available online in the OASIS Library as referenced above.


     


    Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.


     


    ========== Additional references:


     


    [1] OASIS Common Security Advisory Framework (CSAF) TC


    https://www.oasis-open.org/committees/csaf/


     


    [2] Public reviews: 


    - 30-day public review, 21 June 2017:


    https://lists.oasis-open.org/archives/members/201706/msg00007.html


      - Comment resolution log: 


     
    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/csprd01/csaf-cvrf-v1.2-csprd01-comment-resolution-log.txt


     


    [3] Approval ballot: 


    https://www.oasis-open.org/committees/ballot.php?id=3121


     


     

    --





    /chet 
    ----------------
    Chet Ensign
    Director of Standards Development and TC Administration 
    OASIS: Advancing open standards for the information society
    http://www.oasis-open.org

    Primary: +1 973-996-2298
    Mobile: +1 201-341-1393 











  • 3.  Re: [csaf-comment] CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is now a Committee Specification

    Posted 09-20-2017 22:07
    Let me add my congratulations to you all as well. Your work paid with the rapid approval of a CS. Really - this is about as fast as it gets! It is a pleasure to work with you all.  Best regards,  /chet On Wed, Sep 20, 2017 at 6:00 PM, Omar Santos (osantos) < osantos@cisco.com > wrote: Thank you Chet for all your support!   To the TC members,   This is a great accomplishment! Thank you all for your continuous collaboration and participation. Special thanks to Stefan Hagen for almost single-handedly creating all the documentation and editorial tasks and Feng Cao for your technical contributions.   Now to a great start on the 2.0 major release. We have a lot of work ahead of us.   Regards,   Omar Santos PSIRT, Security Research and Operations Cisco Systems, Inc. Email:  os@cisco.com PGP Key: 0x3AF27EDC   From: < csaf-comment@lists.oasis- open.org > on behalf of Chet Ensign < chet.ensign@oasis-open.org > Date: Wednesday, September 20, 2017 at 5:44 PM To: " tc-announce@lists.oasis-open. org " < tc-announce@lists.oasis-open. org >, " members@lists.oasis-open.org " < members@lists.oasis-open.org > , " csaf@lists.oasis-open.org " < csaf@lists.oasis-open.org >, " csaf-comment@lists.oasis- open.org " < csaf-comment@lists.oasis- open.org > Subject: [csaf-comment] CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is now a Committee Specification   OASIS Members and other interested parties,   We are pleased to announce the publication of CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2, the first approved specification from the members of the OASIS Common Security Advisory Framework (CSAF) TC.   CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 Committee Specification 01 13 September 2017   CVRF is a language to exchange Security Advisories and provide for greater interoperability among products by ensuring that machine-readable security advisories can be produced and consumed much more broadly. The specification builds on the Common Vulnerability Reporting Framework (CVRF) 1.1 which was initiated by ICASI, the Industry Consortium for Advancement of Security on the Internet and contributed to OASIS.   For more information on CVRF and the CSAF TC, see the press release at https://www.oasis-open.org/ news/pr/oasis-advances- standard-for-automated- disclosure-of-cybersecurity- vulnerability-issues   This is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.   The prose specifications and related files are available here:   PDF (Authoritative): http://docs.oasis-open.org/ csaf/csaf-cvrf/v1.2/cs01/csaf- cvrf-v1.2-cs01.pdf   HTML: http://docs.oasis-open.org/ csaf/csaf-cvrf/v1.2/cs01/csaf- cvrf-v1.2-cs01.html   Editable source: http://docs.oasis-open.org/ csaf/csaf-cvrf/v1.2/cs01/csaf- cvrf-v1.2-cs01.docx   XML schemas:  http://docs.oasis-open.org/ csaf/csaf-cvrf/v1.2/cs01/ schemas/   Distribution ZIP file   For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:   http://docs.oasis-open.org/ csaf/csaf-cvrf/v1.2/cs01/csaf- cvrf-v1.2-cs01.zip   Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.   Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.   ========== Additional references:   [1] OASIS Common Security Advisory Framework (CSAF) TC https://www.oasis-open.org/ committees/csaf/   [2] Public reviews:  - 30-day public review, 21 June 2017: https://lists.oasis-open.org/ archives/members/201706/ msg00007.html   - Comment resolution log:    http://docs.oasis-open.org/ csaf/csaf-cvrf/v1.2/csprd01/ csaf-cvrf-v1.2-csprd01- comment-resolution-log.txt   [3] Approval ballot:  https://www.oasis-open.org/ committees/ballot.php?id=3121     -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393   -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393