Standardizing automated machine-readable disclosure of cybersecurity vulnerabilities.

Get Started

Getting Started

About CSAF and CVRF

The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects the primary purpose: a Common Security Advisory Framework (CSAF). TC deliverables are designed to standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time.

Access the OASIS CSAF TC Chater

Access the OASIS CSAF TC Chater for detailed information about the TC statement of purpose, scope of work, and deliverables.

Get Started

Learn the technical details about CVRF in the current version of the speficication document.

Review Our Examples

Access our CVRF content examples based on the current version of the specification.

CVRF Adoption

CVRF has been adopted by several organizations including Cisco, RedHat, Microsoft, MITRE, Oracle, Suse, and others.

Access a list of well-known CVRF content repositories.

Get Involved!

Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License. How to Join a Committee

Contribute Tools and Libaries

To have code commited to OASIS repositories a Contributor License Agreement (CLA) must be submitted and approved. Bug reports, suggestions and help requests about spcific OASIS github projects should be done through Github issues on their respective repository.