OASIS members and other interested parties,
OASIS and the OASIS Common Security Advisory Framework (CSAF) TC are pleased to announce that Common Security Advisory Framework Version 2.0 Errata 01 is now available for public review and comment.
The Common Security Advisory Framework (CSAF) Version 2.0 is the definitive reference for the CSAF language which supports creation, update, and interoperable exchange of security advisories as structured information on
products, vulnerabilities and the status of impact and remediation among interested parties.
The OASIS CSAF Technical Committee is chartered to make a major revision to the widely-adopted Common Vulnerability Reporting Framework (CVRF) specification, originally developed by the Industry Consortium for Advancement
of Security on the Internet (ICASI). ICASI has contributed CVRF to the TC. The revision is being developed under the name Common Security Advisory Framework (CSAF). TC deliverables are designed to standardize existing practice in structured machine-readable
vulnerability-related advisories and further refine those standards over time.
The documents and related files are available here:
Common Security Advisory Framework Version 2.0 Errata 01
Committee Specification Draft 01
Editable source (Authoritative):
For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
A public review announcement metadata record [3] is published along with the specification files.
OASIS and the CSAF TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.
The public review starts 21 December 2023 at 00:00 UTC and ends 04 January 2024 at 23:59 UTC.
Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public
review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability
of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification.
OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work.
Additional information about the specification and the CSAF TC can be found at the TC's public home page:
========== Additional references:
[3] Public review announcement metadata: