OASIS Common Security Advisory Framework (CSAF) TC

 View Only
  • 1.  CSAF CVRF v1.2 Comments

    Posted 07-17-2017 15:43
    We have no technical corrections/comments but we do have a few minor updates:   Typo on 2.2.3.7 – “The value Produ z ct Name of Branch Type indicates the name of the product.” Syntax: The plural of Product ID is “Product IDs”, not the possessive form “Product ID’s” (2.2.4.n) Syntax: Remove the “:” from the end of 2.2.5.4 Product Tree Model – Grouped: Semantics: The non-normative comment for [CSAF-2.215-1] should read: “The final two vulnerability involvement status states, ….” Reason: since presumably Completed and Disputed are also a final status state based on the statement that open or in-progress documents should eventually be issued as Disputed or Completed.  Syntax: The plural forms of OID and MIB are “OIDs” and “MIBs” respectively, not the possessive form “OID’s” and “MIB’s” (4.4 Document Publisher). Formatting of indent for vuln:Notes on page 59     --------- Beth Pumo, MBA, CISA, CISM, CISSP, PCIP Principal – HIT Standards Technology Consultant Health IT Strategy and Policy (HITSP), Technology Risk Office (TRO) Kaiser Permanente Information Technology 6560 Greenwood Plaza Blvd Englewood, CO 80111   (303) 246-8258 (Mobile) --------- kp.org/thrive   Out of Office   July 24 th – July 28 th                                    September 10 th – September 15 th                         October 23 rd – October 26 th                                         PTO                 August 10 th – August 11 th                         August 31 st – September 1 st                         September 21 st – September 29 th   NOTICE TO RECIPIENT:   If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents.   If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them.   Thank you.