OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

members message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: CSAF Common Vulnerability Reporting Framework (CVRF) V1.2 is now a Committee Specification


OASIS Members and other interested parties,

We are pleased to announce the publication of CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2, the first approved specification from the members of the OASIS Common Security Advisory Framework (CSAF) TC.

CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2
Committee Specification 01
13 September 2017

CVRF is a language to exchange Security Advisories and provide for greater interoperability among products by ensuring that machine-readable security advisories can be produced and consumed much more broadly. The specification builds on the Common Vulnerability Reporting Framework (CVRF) 1.1 which was initiated by ICASI, the Industry Consortium for Advancement of Security on the Internet and contributed to OASIS.

For more information on CVRF and the CSAF TC, see the press release at https://www.oasis-open.org/news/pr/oasis-advances-standard-for-automated-disclosure-of-cybersecurity-vulnerability-issues

This is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

PDF (Authoritative):
http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.pdf

HTML:
http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html

Editable source:
http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.docx

XML schemas: 
http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/schemas/

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.zip

Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:

[1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/

[2] Public reviews: 
- 30-day public review, 21 June 2017:
https://lists.oasis-open.org/archives/members/201706/msg00007.html
  - Comment resolution log: 
  http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/csprd01/csaf-cvrf-v1.2-csprd01-comment-resolution-log.txt

[3] Approval ballot: 
https://www.oasis-open.org/committees/ballot.php?id=3121


--

/chet 
----------------
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]