Dear OASIS Admins, Thank you for your support and all the work done! Best wishes, Thomas -- Thomas Schmidt From:
csaf@lists.oasis-open.org <
csaf@lists.oasis-open.org> On Behalf Of Paul Knight Sent: Wednesday, February 14, 2024 6:40 PM To:
project-announce@lists.oasis-open.org;
members@lists.oasis-open.org;
csaf@lists.oasis-open.org;
csaf-comment@lists.oasis-open.org Subject: [csaf] Approved Errata for Common Security Advisory Framework v2.0 published OASIS members and other interested parties, OASIS and the OASIS Common Security Advisory Framework (CSAF) TC [1] are pleased to announce the approval and publication of Common Security Advisory Framework Version 2.0 Errata 01. This document lists the approved errata for the OASIS Standard "Common Security Advisory Framework Version 2.0." The specific changes are listed in section 1.1, at
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/csaf-v2.0-errata01-os.html#11-description-of-changes . The Common Security Advisory Framework (CSAF) Version 2.0 is the definitive reference for the CSAF language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties. The OASIS CSAF Technical Committee is chartered to make a major revision to the widely-adopted Common Vulnerability Reporting Framework (CVRF) specification, originally developed by the Industry Consortium for Advancement of Security on the Internet (ICASI). ICASI has contributed CVRF to the CSAF TC. The revision is being developed under the name Common Security Advisory Framework (CSAF). TC deliverables are designed to standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time. The documents and related files are available here: Common Security Advisory Framework Version 2.0 Errata 01 OASIS Approved Errata 26 January 2024 Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/csaf-v2.0-errata01-os.md HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/csaf-v2.0-errata01-os.html PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/csaf-v2.0-errata01-os.pdf JSON schemas: Aggregator JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/schemas/aggregator_json_schema.json CSAF JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/schemas/csaf_json_schema.json Provider JSON schema:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/schemas/provider_json_schema.json For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/csaf-v2.0-errata01-os.zip Members of the CSAF TC [1] approved the publication of these Errata by Full Majority Vote [2]. The Errata had been released for public review as required by the TC Process [3]. The Approved Errata are now available online in the OASIS Library as referenced above. Our congratulations to the CSAF TC on achieving this milestone. ========== Additional references: [1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/ [2]
https://lists.oasis-open.org/archives/csaf/202402/msg00001.html [3] Public review: - 15-day public review, 20 December 2023:
https://lists.oasis-open.org/archives/members/202312/msg00005.html - Comment resolution log:
https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/csd01/csaf-v2.0-errata01-csd01-comment-resolution-log.txt -- mailto:
paul.knight@oasis-open.org....https://www.oasis-open.org/people/staff/paul-knight
https://www.oasis-open.org/...Setting the standard for open collaboration