[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [csaf-comment] CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is now a Committee Specification
Thank you Chet for all your support!
To the TC members,
This is a great accomplishment! Thank you all for your continuous collaboration and participation.
Special thanks to Stefan Hagen for almost single-handedly creating all the documentation and editorial tasks and Feng Cao for your technical contributions.
Now to a great start on the 2.0 major release. We have a lot of work ahead of us.
PSIRT, Security Research and Operations
Cisco Systems, Inc.
PGP Key: 0x3AF27EDC
OASIS Members and other interested parties,
We are pleased to announce the publication of CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2, the first approved specification from the members of the OASIS Common Security Advisory Framework (CSAF) TC.
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2
Committee Specification 01
13 September 2017
CVRF is a language to exchange Security Advisories and provide for greater interoperability among products by ensuring that machine-readable security advisories can be produced and consumed much more broadly. The specification builds on the Common Vulnerability Reporting Framework (CVRF) 1.1 which was initiated by ICASI, the Industry Consortium for Advancement of Security on the Internet and contributed to OASIS.
For more information on CVRF and the CSAF TC, see the press release at https://www.oasis-open.org/news/pr/oasis-advances-standard-for-automated-disclosure-of-cybersecurity-vulnerability-issues
This is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.
The prose specifications and related files are available here:
Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
Members of the CSAF TC  approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process . The vote to approve as a Committee Specification passed , and the document is now available online in the OASIS Library as referenced above.
Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.
========== Additional references:
 OASIS Common Security Advisory Framework (CSAF) TC
 Public reviews:
- 30-day public review, 21 June 2017:
- Comment resolution log:
 Approval ballot: