OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

members message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Invitation to comment on Common Security Advisory Framework Version 2.0 before call for consent as OASIS Standard - ends October 29


The definitive reference language for interoperable security advisories is released for the public review preceding its submission to the OASIS membership in the Call for Consent as OASIS Standard. Additional information is available in the public release metadata document at https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html

OASIS members and other interested parties,

OASIS and the Common Security Advisory Framework (CSAF) TC [1] are pleased to announce that Common Security Advisory Framework Version 2.0 Committee Specification 03 is now available for public review and comment.

This document is the definitive reference for the language elements of CSAF version 2.0. The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON.

The term Security Advisory describes any notification of security issues in products to or from product vendors, Product Security Incident Response Teams (PSIRTs), product resellers and distributors, and others. The focus of the term is on the security aspect impacting specific product-platform-version combinations.

The TC received 3 Statements of Use from Oracle Corporation, TIBCO Software Inc., and Federal Office for Information Security (BSI) Germany [3].

The candidate specification and related files are available here:

Common Security Advisory Framework Version 2.0
Committee Specification 03
01 August 2022

Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.md

HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html

PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.zip
Â
Public Review Period

The 60-day public review starts 31 August 2022 at 00:00 UTC and ends 29 October 2022 at 23:59 UTC.

This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled "Send A Comment" at the top of the TC public home page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=csaf

Comments submitted by for this work and for other work of this TC/OP are publicly archived and can be viewed at:

https://lists.oasis-open.org/archives/csaf/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of âCommon Security Advisory Framework Version 2.0,â we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC/OP should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work.

==============

[1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/

[2] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3725

[3] Statements of Use:

- Oracle Corporation:
https://lists.oasis-open.org/archives/csaf/202208/msg00002.html

- TIBCO Software Inc.:
https://lists.oasis-open.org/archives/csaf/202208/msg00000.html

- Federal Office for Information Security (BSI) Germany:
https://lists.oasis-open.org/archives/csaf/202207/msg00024.html

[4] http://www.oasis-open.org/policies-guidelines/ipr

[5] https://www.oasis-open.org/committees/csaf/ipr.ph

--

ChetÂEnsign

Chief Technical Community Steward

OASIS Open

ÂÂÂ
+1 201-341-1393
chet.ensign@oasis-open.org
www.oasis-open.org


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]