OASIS members and other interested parties,
OASIS and the CSAF TC are pleased to announce that CSAF v2.1 CSD01 is now available for public review and comment.
The Common Security Advisory Framework (CSAF) Version 2.1 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.
The documents and all related files are available here:
The Common Security Advisory Framework (CSAF) Version 2.1
Committee Specification Draft 01
28 May 2025
Markdown: https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.md (Authoritative)
HTML: https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.html
PDF: https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.pdf
Schemas:
For your convenience, OASIS provides a complete package of the specification document and any related files in a ZIP distribution file. You can download the ZIP file at: https://docs.oasis-open.org/csaf/csaf/v2.1/csd01/csaf-v2.1-csd01.zip
How to Provide Feedback
OASIS and the CSAF TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.
The public review starts June 6, 2025 and ends July 6, 2025 at 23:59 UTC.
Comments may be submitted to the project by any person through the use of the project's Comment Facility located here.
Please note, you must log in or create a free account to see the material. Please contact the TC Administrator (tc-admin@oasis-open.org) if you have any questions regarding how to submit a comment.
All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy applicable especially to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification.
OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work.
Additional information about the specification and the CSAF TC can be found at the TC's public homepage located here.