OASIS Common Security Advisory Framework (CSAF) TC

 View Only
  • 1.  Call to action for #832

    Posted 11-27-2024 14:13

    Dear colleagues,

    as discussed in today's TC meeting regarding Issue 832 "Need real examples of VEX based on actual products and known vulnerabilities, such as Log4J" (https://github.com/oasis-tcs/csaf/issues/832):

    I hereby submit the following call to action and request that all TC members check whether they have valid CSAF VEX for the Log4Shell vulnerabilities and if so are able to share/link them in the issue. Please link or share them directly in the issue.

    Best regards,

    Thomas



    ------------------------------
    Thomas Schmidt
    Subject Matter Expert
    Federal Office for Information Security (BSI) Germany
    ------------------------------