Dear CSAF TC members,
As mentioned during our last TC call, I have been co-authoring a white paper on VEX and CSAF with colleagues from other software manufacturers. We, the group of authors, have now finalized a draft ready for socializing within the CSAF TC and the OpenSSF. We plan to publish this WP on the OpenSSF and OASIS websites.
The white paper is based on multiple interviews with software vendors, IT security companies and practitioners. The goal of this white paper is to foster collaboration to address pain points and promote VEX and specifically CSAF. Many aspects that were collected in interview and mentioned in the white paper also featured in our discussions during the CSAF Community Days.
Please let me know if you have questions, suggestions or concerns regarding the attached white paper. I would like to gather feedback from you, the TC members, before we publish the white paper.
--- The attached version of the white paper is not yet published. Please don't circulate it outside of the CSAF TC and please don't publish it. ---
Best regards and a nice weekend!
Christoph Plutte
Ericsson PSIRT
------------------------------
Christoph Plutte
Ericsson AB
------------------------------