bootstrap responsive templates

OASIS Common Security Advisory Framework (CSAF)

Standardizing automated machine-readable disclosure of cybersecurity vulnerabilities.


The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects the primary purpose: a Common Security Advisory Framework (CSAF).
TC deliverables are designed to standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time.

Access the OASIS CSAF TC Chater for detailed information about the TC's scope of work, and deliverables. Learn the technical details about CVRF 1.2 in the speficication document


Access the CSAF TC GitHub Repository
The new version of CSAF (CSAF 2.0) will be based in JSON. The current version of the CSAF 2.0 schema draft can be accessed here. Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License. Learn About How to Join a Committee.
Contribute to Tools and Libaries:
To have code commited to OASIS repositories a Contributor License Agreement (CLA) must be submitted and approved. Bug reports, suggestions and help requests about spcific OASIS github projects should be done through Github issues on their respective repository.

OASIS Common Security Advisory Framework