Dear colleagues, BSI would like to invite you to the final presentation of the CSAF distribution tools, which is the same day as our next TC meeting - just 2h earlier. Tl;dr: 29.11.2023, 11-12:00 EST (17:00-18:00 CET), virtual via bbb, link for participation:
https://www.bbb4all.de/86274-10150-02650 Since all software and hardware is prone to errors above a certain level of complexity, this can lead to security-relevant vulnerabilities and modern vulnerability management in the form of security advisories is simply indispensable. The Common Security Advisory Framework 2.0 (CSAF) standard specifies the format as well as the distribution and (semi-) automated processing of security advisories. Project 510 aimed to provide the foundations, architecture and implementation for a distributed, scalable and resilient infrastructure for the distribution of security advisories in accordance with CSAF 2.0. In the course of the presentation, the project (
https://github.com/csaf-poc/csaf_distribution ) will be introduced on a technical level. The tools for the individual use cases that have been developed will be demonstrated. They are intended to support manufacturers in the use of CSAF documents so that all developments are available as open source software and can be freely used and further developed according to customer requirements. The presentation is aimed at anyone interested in the topics of CSAF, security advisories and vulnerability management, as well as anyone with an interest in the technical background of open source development. Please let us know, if you want to participate by registering yourself via email to mailto:
csaf@bsi.bund.de Best wishes, Thomas