OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

csaf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [csaf] A shared vulnerability format for open-source packages


Thank you Art! 

I was not aware of this effort. I provided a small comment on reviewing the work we are doing at CSAF directly on their document  (https://docs.google.com/document/d/1sylBGNooKtf220RHQn1I8pZRmqXZQADDQ_TOABrKTpA/edit?pli=1#) . We also discussed and asked the TC to participate in some of those discussions and provide feedback, as needed. It does look like it has some significant overlap with CSAF.

Regards,
 
Omar Santos 
PSIRT, Security Research and Operations 
Cisco Systems
Email: os@cisco.com

ïOn 4/28/21, 1:02 PM, "csaf@lists.oasis-open.org on behalf of Art Manion" <csaf@lists.oasis-open.org on behalf of amanion@cert.org> wrote:

    All,

    Mostly for awareness and possibly long-term wishes for fewer vulnerability record/advisory standards.

      - Art



    A shared vulnerability format for open-source packages

    Oliver Chang
    Russ Cox

    Version 0.6 (April 26, 2021)
    this doc: https://tinyurl.com/vuln-json (for now)

    https://docs.google.com/document/d/1sylBGNooKtf220RHQn1I8pZRmqXZQADDQ_TOABrKTpA/edit?pli=1#

    ---------------------------------------------------------------------
    To unsubscribe from this mail list, you must leave the OASIS TC that 
    generates this mail.  Follow this link to all your TCs in OASIS at:
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]