OASIS Common Security Advisory Framework (CSAF) Technical Committee Update
CERT VENDOR MEETING
FEBRUARY 13, 2017
Agenda
Introduction to the OASIS Common Security Advisory Framework (CSAF) Technical Committee.
Transition of the Common Vulnerability Reporting Framework (CVRF) to OASIS.
CVRF version 1.2 Update.
CSAF Roadmap.
Q&A
Introduction to CSAF
The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects its primary purpose: a Common Security Advisory Framework (CSAF).
TC deliverables are designed to standardize existing practice in structured, machine-readable vulnerability-related advisories and to further refine those standards over time.
https://www.oasis-open.org/committees/csaf
58 MEMBERS IN LESS THAN 3 MONTHS!
ICASI: http://www.icasi.org/icasi-transfers-development-of-security-open-standard-to-oasis
OASIS: https://www.oasis-open.org/news/pr/oasis-advances-standard-for-automated-disclosure-of-cybersecurity-vulnerability-issues
CSAF ROADMAP
Nov 2016: CSAF Inaugural Call
Jan 2017: CVRF 1.2 contributions to support CVSSv3. Launched CSAF Sandbox.
Mar 2017: CVRF 1.2 Release
Apr 2017: CSAF (aka CVRF 2.0) work starts: SWID Support; Supporting Different Formats (JSON, XML, etc.); Making it Extensible; Other.
Major Revision: The goal is to have a major revision of the standard within 18 months of TC creation.
GITHUB
MODERN ENVIRONMENT: A collaborative environment for the community to propose and develop experimental capabilities in the CSAF specification.
OPEN TO EVERYONE: Major contributions are expected from TC members, but everyone is invited to contribute and provide feedback.
https://github.com/oasis-tcs/csaf
SANDBOX
CSAF SANDBOX: A collaborative environment for the community to propose and develop experimental capabilities in the CSAF specification.
CVRF 1.2 PREVIEW: Including support for CVSSv3.
https://github.com/oasis-tcs/csaf
JIRA
OPEN TO EVERYONE: Follow process of action items and contributions.
ISSUE TRACKING: Tracker for action items (tasks) and issues of OASIS CSAF TC
https://issues.oasis-open.org/browse/CSAF
Thank you!
Get Involved!