OASIS Common Security Advisory Framework (CSAF) TC

 View Only

  • 1.  Submission of OASIS CSAF v2.1 CSD02 for 15 day public review

    Posted 03-16-2026 15:56
    Dear Kelly,

    I created the release on GitHub for OASIS CSAF v2.1 CSD02 at:

    - https://github.com/oasis-tcs/csaf/releases/tag/csaf-2.1-csd-02-20260225-rc1

    The description and attached ZIP-file are as usual (a few more schema files, though).

    The approved minutes of the latest TC meeting on 2026-02-25 at:

    - https://github.com/oasis-tcs/csaf/blob/master/meeting_minutes/2026/2026-02-25.md

    do provide the documentation of the successful motion for a standing rule
    that enables us to trigger CSD02 public review with this email from an editor:

    (begin citation)"Standing rule
    #sr1bp(https://www.oasis-open.org/policies-guidelines/document-life-cycle-best-practices/#SR1BP)

    As a standing rule, the TC may authorize the editor(s) to
    publish additional versions of a CSD or CND either on a regular basis or
    at their discretion without additional motions, calls for consent, or ballots.
    This is desirable to speed up progress.
    Stefan Hagen presents a motion to organize a full majority vote to adopt
    this standing rule. Sergii seconded. No discussions or objection.
    Full majority vote is succesful. The standing rule was enacted.
    The following Voting Members voted in favor:
    - Christian Banse
    - Christoph Plutte
    - Feng Cao
    - Jessie Vaught
    - Sergii Demianchuk
    - Sonny van Lingen
    - Stefan Hagen
    - Thomas Schmidt"(end citation)

    Documentation of motion to approve the minutes at:

    - https://github.com/oasis-tcs/csaf/pull/1333#issuecomment-3998633845

    (begin citation)"Motion set and seconded:
    https://groups.oasis-open.org/discussion/motion-for-the-meeting-minutes-2026-02-25-in-1333
    on 2026-03-04. The motion will automatically carry if no objection is received per the
    TC list before one week has passed on 2026-03-11 17:00 UTC."(end citation)

    I hope this is all that OASIS administration needs to publish.

    In case I can help, please kindly contact me.

    Thanks.

    On Tue, Mar 3, 2026, at 18:54, Kelly Cullinane wrote:
    > Ok thanks for letting me know! I will keep an eye out. Please also send me a quick note so I can be sure that I see the ticket pending in the queue.
    >
    > On Sat, Feb 28, 2026 at 5:57 PM Schmidt, Thomas <thomas.schmidt@bsi.bund.de> wrote:
    >> Hi Kelly,
    >> we plan to submit CSAF 2.1 CSD02 early March (definitely after 2026-03-07 22:00 UTC) for a 15 day review. If possible, it would be nice to let the review period end (as early as possible, but) before 2026-03-25 as we have our next TC meeting there.
    >>
    >> Best wishes,
    >> Thomas [...]

    Cheers,
    Stefan
    --
    Stefan Hagen
    Distinguished Contributor, OASIS
    Co-Chair, OASIS CSAF TC, DSS-X TC, and SARIF TC
    Secretary, ACCU
    Secretary, IEEE P24748-5 - Software Engineering Technical Management
    Secretary, IEEE P3349 - Space System Cybersecurity Integration Layer SG
    Secretary, OASIS OpenEOX TC and SAM TC</thomas.schmidt@bsi.bund.de>


  • 2.  RE: Submission of OASIS CSAF v2.1 CSD02 for 15 day public review

    Posted 03-17-2026 18:09
    Hi Stefan,

    I am preparing for your public review. 

    I have uploaded the files to the OASIS library. Before I go any further, can you please take a look here and let me know if this looks ok? Are there any files missing?


    Thanks,
    Kelly

    On Mon, Mar 16, 2026 at 3:55 PM Stefan Hagen <stefan@hagen.link> wrote:
    Dear Kelly,

    I created the release on GitHub for OASIS CSAF v2.1 CSD02 at:

    - https://github.com/oasis-tcs/csaf/releases/tag/csaf-2.1-csd-02-20260225-rc1

    The description and attached ZIP-file are as usual (a few more schema files, though).

    The approved minutes of the latest TC meeting on 2026-02-25 at:

    - https://github.com/oasis-tcs/csaf/blob/master/meeting_minutes/2026/2026-02-25.md

    do provide the documentation of the successful motion for a standing rule
    that enables us to trigger CSD02 public review with this email from an editor:

    (begin citation)"Standing rule
    #SR1BP(https://www.oasis-open.org/policies-guidelines/document-life-cycle-best-practices/#SR1BP)

    As a standing rule, the TC may authorize the editor(s) to
    publish additional versions of a CSD or CND either on a regular basis or
    at their discretion without additional motions, calls for consent, or ballots.
    This is desirable to speed up progress.
    Stefan Hagen presents a motion to organize a full majority vote to adopt
    this standing rule. Sergii seconded. No discussions or objection.
    Full majority vote is succesful. The standing rule was enacted.
    The following Voting Members voted in favor:
    - Christian Banse
    - Christoph Plutte
    - Feng Cao
    - Jessie Vaught
    - Sergii Demianchuk
    - Sonny van Lingen
    - Stefan Hagen
    - Thomas Schmidt"(end citation)

    Documentation of motion to approve the minutes at:

    - https://github.com/oasis-tcs/csaf/pull/1333#issuecomment-3998633845

    (begin citation)"Motion set and seconded:
    https://groups.oasis-open.org/discussion/motion-for-the-meeting-minutes-2026-02-25-in-1333
    on 2026-03-04. The motion will automatically carry if no objection is received per the
    TC list before one week has passed on 2026-03-11 17:00 UTC."(end citation)

    I hope this is all that OASIS administration needs to publish.

    In case I can help, please kindly contact me.

    Thanks.

    On Tue, Mar 3, 2026, at 18:54, Kelly Cullinane wrote:
    > Ok thanks for letting me know! I will keep an eye out. Please also send me a quick note so I can be sure that I see the ticket pending in the queue.
    >
    > On Sat, Feb 28, 2026 at 5:57 PM Schmidt, Thomas <thomas.schmidt@bsi.bund.de> wrote:
    >> Hi Kelly,
    >> we plan to submit CSAF 2.1 CSD02 early March (definitely after 2026-03-07 22:00 UTC) for a 15 day review. If possible, it would be nice to let the review period end (as early as possible, but) before 2026-03-25 as we have our next TC meeting there.
    >>
    >> Best wishes,
    >> Thomas [...]

    Cheers,
    Stefan
    --
    Stefan Hagen
    Distinguished Contributor, OASIS
    Co-Chair, OASIS CSAF TC, DSS-X TC, and SARIF TC
    Secretary, ACCU
    Secretary, IEEE P24748-5 - Software Engineering Technical Management
    Secretary, IEEE P3349 - Space System Cybersecurity Integration Layer SG
    Secretary, OASIS OpenEOX TC and SAM TC





  • 3.  RE: Submission of OASIS CSAF v2.1 CSD02 for 15 day public review

    Posted 03-17-2026 18:58
    Hi Kelly,

    this looks fine to me.

    The three document files display in my browser and
    the link to a schema file from the title page of the HTML and PDF works.

    I suggest to go ahead.

    Thanks a lot for this fast publishing, much appreciated!

    Chheers,
    Stefan.


    On Tue, Mar 17, 2026, at 23:09, Kelly Cullinane via OASIS wrote:
    Hi Stefan, I am preparing for your public review. I have uploaded the files to the OASIS library. Before I go any further, can you please take a... -posted to the "OASIS Common Security Advisory Framework (CSAF) TC" community

    OASIS Common Security Advisory Framework (CSAF) TC

    Post New Message
    Re: Submission of OASIS CSAF v2.1 CSD02 for 15 day public review
    Reply to GroupReply to Sender via Email

    Mar 17, 2026 6:09 PM
    Kelly Cullinane
    Hi Stefan,

    I am preparing for your public review. 

    I have uploaded the files to the OASIS library. Before I go any further, can you please take a look here and let me know if this looks ok? Are there any files missing?


    Thanks,
    Kelly

    On Mon, Mar 16, 2026 at 3:55 PM Stefan Hagen <stefan@hagen.link> wrote:
    Dear Kelly,

    I created the release on GitHub for OASIS CSAF v2.1 CSD02 at:


    The description and attached ZIP-file are as usual (a few more schema files, though).

    The approved minutes of the latest TC meeting on 2026-02-25 at:


    do provide the documentation of the successful motion for a standing rule
    that enables us to trigger CSD02 public review with this email from an editor:

    (begin citation)"Standing rule

    As a standing rule, the TC may authorize the editor(s) to
    publish additional versions of a CSD or CND either on a regular basis or
    at their discretion without additional motions, calls for consent, or ballots.
    This is desirable to speed up progress.
    Stefan Hagen presents a motion to organize a full majority vote to adopt
    this standing rule. Sergii seconded. No discussions or objection.
    Full majority vote is succesful. The standing rule was enacted.
    The following Voting Members voted in favor:
    - Christian Banse
    - Christoph Plutte
    - Feng Cao
    - Jessie Vaught
    - Sergii Demianchuk
    - Sonny van Lingen
    - Stefan Hagen
    - Thomas Schmidt"(end citation)

    Documentation of motion to approve the minutes at:


    (begin citation)"Motion set and seconded:
    on 2026-03-04. The motion will automatically carry if no objection is received per the
    TC list before one week has passed on 2026-03-11 17:00 UTC."(end citation)

    I hope this is all that OASIS administration needs to publish.

    In case I can help, please kindly contact me.

    Thanks.

    On Tue, Mar 3, 2026, at 18:54, Kelly Cullinane wrote:
    > Ok thanks for letting me know! I will keep an eye out. Please also send me a quick note so I can be sure that I see the ticket pending in the queue.
    >
    > On Sat, Feb 28, 2026 at 5:57 PM Schmidt, Thomas <thomas.schmidt@bsi.bund.de> wrote:
    >> Hi Kelly,
    >> we plan to submit CSAF 2.1 CSD02 early March (definitely after 2026-03-07 22:00 UTC) for a 15 day review. If possible, it would be nice to let the review period end (as early as possible, but) before 2026-03-25 as we have our next TC meeting there.
    >>
    >> Best wishes,
    >> Thomas [...]

    Cheers,
    Stefan [...]

      Reply to Group via Email   Reply to Sender via Email   View Thread   Recommend   Forward  
    -------------------------------------------
    Original Message:
    Sent: 3/16/2026 3:56:00 PM


     
    You are subscribed to "OASIS Common Security Advisory Framework (CSAF) TC" as stefan@hagen.link. To change your subscriptions, go to My Subscriptions. To unsubscribe from this community discussion, go to Unsubscribe.




    Original Message


  • 4.  RE: Submission of OASIS CSAF v2.1 CSD02 for 15 day public review

    Posted 03-20-2026 14:58
    Hello All,

    Just wanted to follow up on this to see how I should proceed. 

    I will have very limited availability next week due to the RSA Conference. I will check messages as i am able. 

    Kelly

    On Tue, Mar 17, 2026 at 6:08 PM Kelly Cullinane <kelly.cullinane@oasis-open.org> wrote:
    Hi Stefan,

    I am preparing for your public review. 

    I have uploaded the files to the OASIS library. Before I go any further, can you please take a look here and let me know if this looks ok? Are there any files missing?


    Thanks,
    Kelly

    On Mon, Mar 16, 2026 at 3:55 PM Stefan Hagen <stefan@hagen.link> wrote:
    Dear Kelly,

    I created the release on GitHub for OASIS CSAF v2.1 CSD02 at:

    - https://github.com/oasis-tcs/csaf/releases/tag/csaf-2.1-csd-02-20260225-rc1

    The description and attached ZIP-file are as usual (a few more schema files, though).

    The approved minutes of the latest TC meeting on 2026-02-25 at:

    - https://github.com/oasis-tcs/csaf/blob/master/meeting_minutes/2026/2026-02-25.md

    do provide the documentation of the successful motion for a standing rule
    that enables us to trigger CSD02 public review with this email from an editor:

    (begin citation)"Standing rule
    #SR1BP(https://www.oasis-open.org/policies-guidelines/document-life-cycle-best-practices/#SR1BP)

    As a standing rule, the TC may authorize the editor(s) to
    publish additional versions of a CSD or CND either on a regular basis or
    at their discretion without additional motions, calls for consent, or ballots.
    This is desirable to speed up progress.
    Stefan Hagen presents a motion to organize a full majority vote to adopt
    this standing rule. Sergii seconded. No discussions or objection.
    Full majority vote is succesful. The standing rule was enacted.
    The following Voting Members voted in favor:
    - Christian Banse
    - Christoph Plutte
    - Feng Cao
    - Jessie Vaught
    - Sergii Demianchuk
    - Sonny van Lingen
    - Stefan Hagen
    - Thomas Schmidt"(end citation)

    Documentation of motion to approve the minutes at:

    - https://github.com/oasis-tcs/csaf/pull/1333#issuecomment-3998633845

    (begin citation)"Motion set and seconded:
    https://groups.oasis-open.org/discussion/motion-for-the-meeting-minutes-2026-02-25-in-1333
    on 2026-03-04. The motion will automatically carry if no objection is received per the
    TC list before one week has passed on 2026-03-11 17:00 UTC."(end citation)

    I hope this is all that OASIS administration needs to publish.

    In case I can help, please kindly contact me.

    Thanks.

    On Tue, Mar 3, 2026, at 18:54, Kelly Cullinane wrote:
    > Ok thanks for letting me know! I will keep an eye out. Please also send me a quick note so I can be sure that I see the ticket pending in the queue.
    >
    > On Sat, Feb 28, 2026 at 5:57 PM Schmidt, Thomas <thomas.schmidt@bsi.bund.de> wrote:
    >> Hi Kelly,
    >> we plan to submit CSAF 2.1 CSD02 early March (definitely after 2026-03-07 22:00 UTC) for a 15 day review. If possible, it would be nice to let the review period end (as early as possible, but) before 2026-03-25 as we have our next TC meeting there.
    >>
    >> Best wishes,
    >> Thomas [...]

    Cheers,
    Stefan
    --
    Stefan Hagen
    Distinguished Contributor, OASIS
    Co-Chair, OASIS CSAF TC, DSS-X TC, and SARIF TC
    Secretary, ACCU
    Secretary, IEEE P24748-5 - Software Engineering Technical Management
    Secretary, IEEE P3349 - Space System Cybersecurity Integration Layer SG
    Secretary, OASIS OpenEOX TC and SAM TC





  • 5.  RE: Submission of OASIS CSAF v2.1 CSD02 for 15 day public review

    Posted 03-21-2026 03:18
    Kelly, please do so.

    I had mistaken this mail for the announcement. I am traveling and am not used to a mobile as the only window into cmunicarion, sorry.

    I responded to your firdt mail asking if the files deposited on the docs site were good to go in the afformative, but maybe the mail got lost?

    Please prgress with publication.

    Tha ks.

    Cheers, stefan

    On Mon, Mar 16, 2026, at 20:55, Stefan Hagen wrote:
    Dear Kelly,

    I created the release on GitHub for OASIS CSAF v2.1 CSD02 at: 


    The description and attached ZIP-file are as usual (a few more schema files, though).

    The approved minutes of the latest TC meeting on 2026-02-25 at:


    do provide the documentation of the successful motion for a standing rule
    that enables us to trigger CSD02 public review with this email from an editor:

    (begin citation)"Standing rule 

    As a standing rule, the TC may authorize the editor(s) to 
    publish additional versions of a CSD or CND either on a regular basis or 
    at their discretion without additional motions, calls for consent, or ballots. 
    This is desirable to speed up progress.
    Stefan Hagen presents a motion to organize a full majority vote to adopt 
    this standing rule. Sergii seconded. No discussions or objection. 
    Full majority vote is succesful. The standing rule was enacted. 
    The following Voting Members voted in favor:
    - Christian Banse
    - Christoph Plutte
    - Feng Cao
    - Jessie Vaught
    - Sergii Demianchuk
    - Sonny van Lingen
    - Stefan Hagen
    - Thomas Schmidt"(end citation)

    Documentation of motion to approve the minutes at:


    (begin citation)"Motion set and seconded: 
    on 2026-03-04. The motion will automatically carry if no objection is received per the 
    TC list before one week has passed on 2026-03-11 17:00 UTC."(end citation)

    I hope this is all that OASIS administration needs to publish.

    In case I can help, please kindly contact me.

    Thanks.

    On Tue, Mar 3, 2026, at 18:54, Kelly Cullinane wrote:
    > Ok thanks for letting me know! I will keep an eye out. Please also send me a quick note so I can be sure that I see the ticket pending in the queue. 
    > On Sat, Feb 28, 2026 at 5:57 PM Schmidt, Thomas <thomas.schmidt@bsi.bund.de> wrote:
    >> Hi Kelly,
    >> we plan to submit CSAF 2.1 CSD02 early March (definitely after 2026-03-07 22:00 UTC) for a 15 day review. If possible, it would be nice to let the review period end (as early as possible, but) before 2026-03-25 as we have our next TC meeting there.
    >> 
    >> Best wishes,
    >> Thomas [...]

    Cheers,
    Stefan
    --
    Stefan Hagen
    Distinguished Contributor, OASIS
    Co-Chair, OASIS CSAF TC, DSS-X TC, and SARIF TC
    Secretary, ACCU
    Secretary, IEEE P24748-5 - Software Engineering Technical Management
    Secretary, IEEE P3349 - Space System Cybersecurity Integration Layer SG
    Secretary, OASIS OpenEOX TC and SAM TC

    Stefan
    --
    Stefan Hagen
    Distinguished Contributor, OASIS
    Co-Chair, OASIS CSAF TC, DSS-X TC, and SARIF TC
    Secretary, ACCU
    Secretary, IEEE P24748-5 - Software Engineering Technical Management
    Secretary, IEEE P3349 - Space System Cybersecurity Integration Layer SG
    Secretary, OASIS OpenEOX TC and SAM TC






Related Content