Hi Stefan: If the errata is ready for publishing, you can assign the task to OASIS by completing this form . Paul will reach out to you if he has any questions during the publication process. Congrats! KElly On Wed, Feb 7, 2024 at 5:26 PM Stefan Hagen <
stefan@hagen.link> wrote: Hello, On Fri, Jan 19, 2024, at 18:19, Omar Santos (osantos) wrote: Thank you, Stefan, for proposing the motion, and Thomas, for seconding it! As previously stated by Stefan, if there are no objections by 17:00 UTC on January 26, 2024, we will consider the motion approved and will carry automatically. Regards, Omar From: Schmidt, Thomas <
thomas.schmidt@bsi.bund.de > Date: Friday, January 19, 2024 at 12:06 PM To: Stefan Hagen <
stefan@hagen.link>, Paul Knight <
paul.knight@oasis-open.org >,
csaf@lists.oasis-open.org <
csaf@lists.oasis-open.org >,
csaf-comment@lists.oasis-open.org <
csaf-comment@lists.oasis-open.org > Cc: Chet Ensign <
chet.ensign@oasis-open.org >, Kelly Cullinane <
kelly.cullinane@oasis-open.org >, Omar Santos (osantos) <
osantos@cisco.com > Subject: RE: [csaf-comment] Motion to publish approved errata 01 of CSAF v2.0 Re: [csaf] was: Invitation to comment on Common Security Advisory Framework v2.0 Errata 01 - ends January 4th Dear colleagues, I, Thomas Schmidt, second the motion. Best wishes, Thomas -- Thomas Schmidt From:
csaf-comment@lists.oasis-open.org <
csaf-comment@lists.oasis-open.org > On Behalf Of Stefan Hagen Sent: Friday, January 19, 2024 5:58 PM To: Paul Knight <
paul.knight@oasis-open.org >;
csaf@lists.oasis-open.org ;
csaf-comment@lists.oasis-open.org Cc: Chet Ensign <
chet.ensign@oasis-open.org >; Kelly Cullinane <
kelly.cullinane@oasis-open.org >; Omar Santos (osantos) <
osantos@cisco.com >; Schmidt, Thomas <
thomas.schmidt@bsi.bund.de > Subject: [csaf-comment] Motion to publish approved errata 01 of CSAF v2.0 Re: [csaf] was: Invitation to comment on Common Security Advisory Framework v2.0 Errata 01 - ends January 4th Dear TC members and OASIS administrators, On Wed, Dec 20, 2023, at 20:31, Paul Knight wrote: OASIS members and other interested parties, OASIS and the OASIS Common Security Advisory Framework (CSAF) TC are pleased to announce that Common Security Advisory Framework Version 2.0 Errata 01 is now available for public review and comment. This document incorporates proposed errata for the OASIS Standard "Common Security Advisory Framework Version 2.0." The specific changes are listed in section 1.1, at
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01.html#11-description-of-changes . The Common Security Advisory Framework (CSAF) Version 2.0 is the definitive reference for the CSAF language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties. The OASIS CSAF Technical Committee is chartered to make a major revision to the widely-adopted Common Vulnerability Reporting Framework (CVRF) specification, originally developed by the Industry Consortium for Advancement of Security on the Internet (ICASI). ICASI has contributed CVRF to the TC. The revision is being developed under the name Common Security Advisory Framework (CSAF). TC deliverables are designed to standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time. The documents and related files are available here: Common Security Advisory Framework Version 2.0 Errata 01 Committee Specification Draft 01 15 December 2023 Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01.md HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01.html PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01.pdf JSON schemas: Aggregator JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/schemas/aggregator_json_schema.json CSAF JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/schemas/csaf_json_schema.json Provider JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/schemas/provider_json_schema.json For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01.zip A public review announcement metadata record [3] is published along with the specification files. How to Provide Feedback OASIS and the CSAF TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work. The public review starts 21 December 2023 at 00:00 UTC and ends 04 January 2024 at 23:59 UTC. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC's "Send A Comment" page (
https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=csaf ). Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/csaf-comment/ All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification. OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work. Additional information about the specification and the CSAF TC can be found at the TC's public home page:
https://www.oasis-open.org/committees/csaf/ ========== Additional references: [1]
https://www.oasis-open.org/policies-guidelines/ipr/ [2]
https://www.oasis-open.org/committees/csaf/ipr.php https://www.oasis-open.org/policies-guidelines/ipr/#Non-Assertion-Mode [3] Public review announcement metadata:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01-public-review-metadata.html -- Paul Knight ... . Document Process Analyst OASIS ... Setting the standard for open collaboration this mail to the comments and TC mailing list is to document the fact that no comments have been received during the above defined public review. I move that the TC approve "Common Security Advisory Framework Version 2.0 Errata 01" contained in
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01.zip as an Approved Errata and make it available with Common Security Advisory Framework Version 2.0 Errata 01 OASIS Standard. If seconded and no objections raised this motion shall automatically carry 7 days after this email stating the motion on 2024-01-26 17:00 UTC. Cheers, Stefan. --- Stefan Hagen, Emmetten, Nidwalden, Switzerland. read:
https://stefan-hagen.website write:
stefan@hagen.link I think the motion thereby carries and I would love to ensure progress in that matter. What do we need to do, to push the errata into the bright light where they belong? Thanks. Cheers, Stefan. --- Stefan Hagen, Emmetten, Nidwalden, Switzerland. read:
https://stefan-hagen.website write:
stefan@hagen.link