OASIS Common Security Advisory Framework (CSAF) TC

New CSD02 / CS01 candidate - revision report and tentative next steps


    Posted 08-30-2017 10:42
Dear members,

as of this European morning, the CSD02 WD01 of "CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2" is available on kavi. [1]

The changes applied are purely editorial, and mostly deal with correcting the non-native English editor's language knowledge (like placement of single apostrophe for plural and possessive).

In the hope it helps, a revision report containing the applied changes in a diff format has been published in kavi for your reading / navigational pleasure [2].

It was just about one hour of effort:
- including the download of CSD01PR01 start material,
- application of the changes required to apply issue CSAF-30 [3],
- commit in github TC repository
- and publication via kavi;

but I personally was kind of "running on empty" the month of August until now, so that this caused the late provisioning only short before the monthly meeting, and I am sorry for this.

This revision contains only non-material changes [4] per the TC process [5]. These are as prescribed by the process (a) documented as reference in the document's revision history and clearly laid out in issue CSAF-30 [3].

In case there is consensus among the TC members to further progress this work product on the standards track, we will need to maintain some motions (and a ballot) - but these steps are as simple as 1-2-3 ;-)

1) A motion to accept the CSD02 WD01 revision of "CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2" at https://www.oasis-open.org/committees/download.php/61471/csaf-cvrf-v1.2-csd02-2017-08-30-pack.zip as Committee Specification Draft 02 including publishing without any public review (Skipping any further public review is possible because we meet the following condition from [5]):

"If only Non-Material Changes are made to the draft after the public review, then the TC may proceed with the approval as a Committee Specification in accordance with Section 2.7 without conducting another public review cycle."

2) Further the TC requests from the Chair to (a) request publication of the Committee Specification Draft 02, and (b) direct the Chair and Secretary to perform any tasks as required by TC Administrator to facilitate that issuance.

Following that and based on section 2.7 first paragraph in [5]:

"2.7 Approval of a Committee Specification
After the public review, the TC may approve the Committee Specification Draft as a Committee Specification. If any comments have been received during the most recent public review period, that vote may not commence any earlier than 7 days after the last day of that public review. The approval of a Committee Specification shall require a Special Majority Vote. The TC Chair shall notify the TC Administrator that the TC requests a Special Majority Vote for the advancement of the draft as a Committee Specification and provide to the TC Administrator any other required information. The TC Administrator shall set up and conduct the ballot to approve the Committee Specification"

Where a "Committee Specification" is (cf [7]):

'"Committee Specification" is a Standards Track Work Product that has been approved as such by a Special Majority Vote of a Technical Committee. A Committee Specification is an OASIS Standards Final Deliverable and subject to the patent licensing and other obligations explained in the OASIS IPR Policy.'

3) A motion that requests from the Chair to notify the TC Administrator, that (a) the TC requests a "Special Majority Vote" [6] to advance the Committee Specification Draft 02 as Committee Specification 01, (b) request publication upon success of the ballot, and (c) direct the Chair and Secretary to perform any tasks as required by TC Administrator to facilitate that issuance.

Then we should all care to vote on the ballot and when the ballot closes, and it succeeded, we have a committee spec :-)

References:

[1]: CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 Committee Specification Draft 02 WD 01: https://www.oasis-open.org/apps/org/workgroup/csaf/download.php/61467/csaf-cvrf-v1.2-csd02-wd01-2017-08-30.pdf with the publicly accessible link being: https://www.oasis-open.org/committees/download.php/61467/csaf-cvrf-v1.2-csd02-wd01-2017-08-30.pdf

[2]: Revision Report of the non-material changes (CSAF-30) https://www.oasis-open.org/apps/org/workgroup/csaf/download.php/61469/csaf-cvrf-v1.2-csprd01-csd02-wd01-2017-08-30-non-material-changes-report.pdf with the publicly accessible link being: https://www.oasis-open.org/committees/download.php/61469/csaf-cvrf-v1.2-csprd01-csd02-wd01-2017-08-30-non-material-changes-report.pdf

[3]: CSAF-30 - CSD01 WD01 Review comments from Beth Pumo: https://issues.oasis-open.org/browse/CSAF-30

[4]: TC Process Definition of what constitutes a "Non-material change": https://www.oasis-open.org/policies-guidelines/oasis-defined-terms-2017-05-26#dNonmaterialChange
As a service cited below: "Non-Material Change" is any change to the content of a Work Product that does not add or remove any feature of the Work Product and that: (a) constitutes only error corrections, editorial changes, or formatting changes; or (b) is a pro forma change to content required by TC Administration.

[5]: TC Process: https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#publicReview

[6]: TC Process Definition of a "Special Majority Vote": https://www.oasis-open.org/policies-guidelines/oasis-defined-terms-2017-05-26#dSpecialMajority

[7]: TC Process Definition of a "xxx": https://www.oasis-open.org/policies-guidelines/oasis-defined-terms-2017-05-26#dCommitteeSpec

All the best,
Stefan.