OASIS Common Security Advisory Framework (CSAF) TC

Dear Mary Beth,

On Mon, Mar 24, 2025, at 18:22, Mary Beth Minto via OASIS wrote:
> Dear CSAF TC Members:
>
> OASIS plans to issue a press release on Wednesday, 26 March 2025, announcing CSAF v2.0 as the international standard ISO/IEC 20153:2025 <https: www.iso.org standard 89986.html>. A confidential draft of the press release is available [here <https: docs.google.com document d 1czrlb1c3sp71eb_eocvn-zlhgcefjptj8okjjwedbo0 edit?usp=sharing>]. Please feel free to contact me directly with any questions.
>
> I'll follow up again on Wednesday to share the link to the release and OASIS social posts (aiming for 10am ET). We appreciate your support and encourage all CSAF TC members to help us amplify the announcement.
>
> Congratulations to the TC on this significant milestone!
>
> Thank you,
> Mary Beth [...]

I suggest we wait with any PR on that topic until the form has been
sent to ISO and ISO has added the CSAF Standard to the list of publicly
available standards and made available for free.

I suspect that announcing CSAF v2.0 as ISO standard as long as it is only
available behind a pay wall - as many OASIS members often voice - is kind
of asking for negative results. And the "many OASIS members" is real, as
I still remember such discussions in STIX and CSAF committees when it came
to discussions on which references to cite and as well as when some TCs
suggested to submit an OASIS Standard to ISO ...

@Jamie: Did OASIS already submit the form to request from ISO
the provisioning for free based on the public open and free availability
of the CSAF v2.0 specification per the OASIS docs site?

Thanks and all the best,
Stefan.


Original Message:
Sent: 3/24/2025 1:23:00 PM
From: Mary Beth Minto
Subject: OASIS CSAF v2.0 Press Release - Wednesday, 26 March

Dear CSAF TC Members: 

OASIS plans to issue a press release on Wednesday, 26 March 2025, announcing CSAF v2.0 as the international standard ISO/IEC 20153:2025. A confidential draft of the press release is available [here]. Please feel free to contact me directly with any questions.

I'll follow up again on Wednesday to share the link to the release and OASIS social posts (aiming for 10am ET). We appreciate your support and encourage all CSAF TC members to help us amplify the announcement. 

Congratulations to the TC on this significant milestone!

Thank you,
Mary Beth

--

Mary Beth Minto Content Manager OASIS Open

marybeth.minto@oasis-open.org www.oasis-open.org

</https:></https:>

Hi all,

I agree with Stefan - let's make sure, it is publicly available first.

Best wishes,

Thomas

------------------------------
Thomas Schmidt
Subject Matter Expert
Federal Office for Information Security (BSI) Germany
------------------------------

Original Message:
Sent: 03-24-2025 14:36
From: Stefan Hagen
Subject: OASIS CSAF v2.0 Press Release - Wednesday, 26 March

Dear Mary Beth,

On Mon, Mar 24, 2025, at 18:22, Mary Beth Minto via OASIS wrote:
> Dear CSAF TC Members:
>
> OASIS plans to issue a press release on Wednesday, 26 March 2025, announcing CSAF v2.0 as the international standard ISO/IEC 20153:2025 <https: www.iso.org standard 89986.html>. A confidential draft of the press release is available [here <https: docs.google.com document d 1czrlb1c3sp71eb_eocvn-zlhgcefjptj8okjjwedbo0 edit?usp=sharing>]. Please feel free to contact me directly with any questions.
>
> I'll follow up again on Wednesday to share the link to the release and OASIS social posts (aiming for 10am ET). We appreciate your support and encourage all CSAF TC members to help us amplify the announcement.
>
> Congratulations to the TC on this significant milestone!
>
> Thank you,
> Mary Beth [...]

I suggest we wait with any PR on that topic until the form has been
sent to ISO and ISO has added the CSAF Standard to the list of publicly
available standards and made available for free.

I suspect that announcing CSAF v2.0 as ISO standard as long as it is only
available behind a pay wall - as many OASIS members often voice - is kind
of asking for negative results. And the "many OASIS members" is real, as
I still remember such discussions in STIX and CSAF committees when it came
to discussions on which references to cite and as well as when some TCs
suggested to submit an OASIS Standard to ISO ...

@Jamie: Did OASIS already submit the form to request from ISO
the provisioning for free based on the public open and free availability
of the CSAF v2.0 specification per the OASIS docs site?

Thanks and all the best,
Stefan.


Original Message:
Sent: 3/24/2025 1:23:00 PM
From: Mary Beth Minto
Subject: OASIS CSAF v2.0 Press Release - Wednesday, 26 March

Dear CSAF TC Members: 

OASIS plans to issue a press release on Wednesday, 26 March 2025, announcing CSAF v2.0 as the international standard ISO/IEC 20153:2025. A confidential draft of the press release is available [here]. Please feel free to contact me directly with any questions.

I'll follow up again on Wednesday to share the link to the release and OASIS social posts (aiming for 10am ET). We appreciate your support and encourage all CSAF TC members to help us amplify the announcement. 

Congratulations to the TC on this significant milestone!

Thank you,
Mary Beth

--

Mary Beth Minto Content Manager OASIS Open

marybeth.minto@oasis-open.org www.oasis-open.org

</https:></https:>

Original Message:
Sent: 3/25/2025 5:08:00 AM
From: Thomas Schmidt
Subject: RE: OASIS CSAF v2.0 Press Release - Wednesday, 26 March

Hi all,

I agree with Stefan - let's make sure, it is publicly available first.

Best wishes,

Thomas

------------------------------
Thomas Schmidt
Subject Matter Expert
Federal Office for Information Security (BSI) Germany
------------------------------

Original Message:
Sent: 03-24-2025 14:36
From: Stefan Hagen
Subject: OASIS CSAF v2.0 Press Release - Wednesday, 26 March

Dear Mary Beth,

On Mon, Mar 24, 2025, at 18:22, Mary Beth Minto via OASIS wrote:
> Dear CSAF TC Members:
>
> OASIS plans to issue a press release on Wednesday, 26 March 2025, announcing CSAF v2.0 as the international standard ISO/IEC 20153:2025 <https: www.iso.org standard 89986.html>. A confidential draft of the press release is available [here <https: docs.google.com document d 1czrlb1c3sp71eb_eocvn-zlhgcefjptj8okjjwedbo0 edit?usp=sharing>]. Please feel free to contact me directly with any questions.
>
> I'll follow up again on Wednesday to share the link to the release and OASIS social posts (aiming for 10am ET). We appreciate your support and encourage all CSAF TC members to help us amplify the announcement.
>
> Congratulations to the TC on this significant milestone!
>
> Thank you,
> Mary Beth [...]

I suggest we wait with any PR on that topic until the form has been
sent to ISO and ISO has added the CSAF Standard to the list of publicly
available standards and made available for free.

I suspect that announcing CSAF v2.0 as ISO standard as long as it is only
available behind a pay wall - as many OASIS members often voice - is kind
of asking for negative results. And the "many OASIS members" is real, as
I still remember such discussions in STIX and CSAF committees when it came
to discussions on which references to cite and as well as when some TCs
suggested to submit an OASIS Standard to ISO ...

@Jamie: Did OASIS already submit the form to request from ISO
the provisioning for free based on the public open and free availability
of the CSAF v2.0 specification per the OASIS docs site?

Thanks and all the best,
Stefan.


Original Message:
Sent: 3/24/2025 1:23:00 PM
From: Mary Beth Minto
Subject: OASIS CSAF v2.0 Press Release - Wednesday, 26 March

Dear CSAF TC Members: 

OASIS plans to issue a press release on Wednesday, 26 March 2025, announcing CSAF v2.0 as the international standard ISO/IEC 20153:2025. A confidential draft of the press release is available [here]. Please feel free to contact me directly with any questions.

I'll follow up again on Wednesday to share the link to the release and OASIS social posts (aiming for 10am ET). We appreciate your support and encourage all CSAF TC members to help us amplify the announcement. 

Congratulations to the TC on this significant milestone!

Thank you,
Mary Beth

--

Mary Beth Minto Content Manager OASIS Open

marybeth.minto@oasis-open.org www.oasis-open.org

</https:></https:>