OASIS Members and other interested parties,
OASIS is pleased to announce that Common Security Advisory Framework Version 2.0 from the OASIS Common Security Advisory Framework (CSAF) TC [1] has been approved as an OASIS Committee Specification.
The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON. CSAF v2.0 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.
This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.
The prose specifications and related files are available here:
Common Security Advisory Framework Version 2.0
Committee Specification 01
12 November 2021
Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.md
HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html
PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.pdf
JSON schemas:
Aggregator: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/aggregator_json_schema.json
CSAF: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/csaf_json_schema.json
Provider: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/provider_json_schema.json
Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.zip
Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.
Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.
========== Additional references:
[1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/
[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-comment-resolution-log.md
[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3666
-- OASIS is pleased to announce that Common Security Advisory Framework Version 2.0 from the OASIS Common Security Advisory Framework (CSAF) TC [1] has been approved as an OASIS Committee Specification.
The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON. CSAF v2.0 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.
This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.
The prose specifications and related files are available here:
Common Security Advisory Framework Version 2.0
Committee Specification 01
12 November 2021
Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.md
HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html
PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.pdf
JSON schemas:
Aggregator: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/aggregator_json_schema.json
CSAF: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/csaf_json_schema.json
Provider: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/provider_json_schema.json
Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.zip
Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.
Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.
========== Additional references:
[1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/
[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-comment-resolution-log.md
[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3666
|