Hi all,
The CSAF TC recently requested IANA registration for three elements of CSAF v2.0 [1]. These have been approved and are now registered by IANA. Congratulations on achieving this milestone!
The Internet Assigned Numbers Authority (IANA) [2] manages the central registries used in many Internet protocols.
The IANA registries with the new CSAF elements are now available as follows:
Registration of "csaf" and "csaf-aggregator" in the "Well-Known URIs" registry:
Registration of "CSAF" as an optional field name in the "security.txt Fields" registry:
This is particularly notable as the first and currently only registered field beyond the original eight identified in RFC9116 [2], which defined the usage of "security.txt" to "help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities."
[1] OASIS support tickets:
Best regards,
Paul
--
OASIS...Setting the standard for open collaboration