About CSAF and CVRF
The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects the primary purpose: a Common Security Advisory Framework (CSAF). TC deliverables are designed to standardize existing practice in structured machine-readable vulnerability-related advisories and further refine those standards over time.
Access the OASIS CSAF TC Chater
Access the OASIS CSAF TC Chater for detailed information about the TC statement of purpose, scope of work, and deliverables.
Learn the technical details about CVRF in the current version of the speficication document.
Review Our Examples
Access our CVRF content examples based on the current version of the specification.
CVRF has been adopted by several organizations including Cisco, RedHat, Microsoft, MITRE, Oracle, Suse, and others.
Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License. How to Join a Committee
Contribute Tools and Libaries
To have code commited to OASIS repositories a Contributor License Agreement (CLA) must be submitted and approved. Bug reports, suggestions and help requests about spcific OASIS github projects should be done through Github issues on their respective repository.