OASIS Common Security Advisory Framework (CSAF) TC

[CSAF] TC meeting on 2021-05-26 & Editor revision 2021-05-21

  • 1.  [CSAF] TC meeting on 2021-05-26 & Editor revision 2021-05-21

    Posted 05-26-2021 08:12
    Dear colleagues,

    in preparation of our meeting on May 26, 2021 please review (and comment on if you like) any open ticket (or where available the associated PR) with the label: "tc-discussion-needed"

    Currently these are:

    - #262: Consider broaden the definition of impact ( https://github.com/oasis-tcs/csaf/issues/262 ) => PR available ( https://github.com/oasis-tcs/csaf/pull/263 )
    - #260: Consider VEX definition alignment for product_status ( https://github.com/oasis-tcs/csaf/issues/260 ) => PR available ( https://github.com/oasis-tcs/csaf/pull/266 )
    - #248: Extend definition of product to encompass open source projects. ( https://github.com/oasis-tcs/csaf/issues/248 ) => Suggestions available
    - #247: Use of the term vendor does not encompass open source projects effectively ( https://github.com/oasis-tcs/csaf/issues/247 ) => Suggestions available
    - #220 & #221: Clarify the involvements section ( https://github.com/oasis-tcs/csaf/issues/220 , https://github.com/oasis-tcs/csaf/issues/221 ) => PR available ( https://github.com/oasis-tcs/csaf/pull/255 )
    - #204: Consider a set of proven values for maxima of string and array lengths ( https://github.com/oasis-tcs/csaf/issues/204 ) => PR available ( https://github.com/oasis-tcs/csaf/pull/256 )
    - #193: As a consumer I want every CSAF document to be a security advisory. ( https://github.com/oasis-tcs/csaf/issues/193 ) => Suggestion of profiles for CSAF: see comment of tschmidtb51 from Mar 15, 2021

    Please also have a look at the open pull requests if possible.
    A new editor revision has been published: https://github.com/oasis-tcs/csaf/blob/editor-revision-2021-05-21/csaf_2.0/prose/csaf-v2-editor-draft.md

    It covers the following areas:

    - add tests (as discussed during last TC meeting)
    - polish/finish semantic versioning (as discussed during last TC meeting)
    - add new conformance targets validators
    - add basic rules for distributing CSAF document (as agreed on TC meeting Jan 27th, 2021)
    - clarify that /document/tracking/id must be unique for the issuing organization
    - editorial nits and changes

    Best regards,
    Thomas