December 9-12, 2024
Location: Germany, Information Security Hub at Munich Airport (Südallee 1, 85356 München, Germany)

Exclusive Workshops about the Common Security Advisory Framework (CSAF)


Vulnerabilities in hardware and software are omnipresent. After all, all software and hardware is flawed beyond a certain level of complexity, and such flaws can potentially lead to security-relevant vulnerabilities that are exploited accordingly. Such security-relevant vulnerabilities are like open wounds. They need to be taken care of. To do this, it must be known where the “wound” is located, what kind of “wound” it is and how it can be healed or at least initially treated as quickly as possible.

The digital solution for all these issues is CSAF (https://csaf.io): The Common Security Advisory Framework (CSAF) is a standardized and open-source framework for the communication and automated distribution of machine-processable vulnerability and mitigation information, so-called security advisories or security information.

CSAF significantly reduces the manual effort required to search for security information and to determine whether products are affected or not. It allows manufacturers, users, operators and the administration to automatically retrieve information on individual vulnerabilities and to determine whether they are affected. Being not affected can also be communicated in a scalable manner (Vulnerability Exploitability eXchange (VEX) as a profile in CSAF). In the course of an increasingly networked and complex world, the number of security-relevant vulnerabilities will grow significantly and modern vulnerability management using CSAF documents will become indispensable. CISA and BSI promote and demand CSAF and are organizing a total of three free workshops on the topic of CSAF (Common Security Advisory Framework) as part of the ACS (Alliance for Cyber Security), from 09.12.2024 to 12.12.2024.

All workshops will be recorded and afterwards edited for teaching purposes and made publicly available. No personal data of participants will be processed or disclosed in the publicly available videos. The workshops will be held in English and in presence.

All workshops are limited to 40 participants. Secure your place quickly (first come, first served) and register by 24.11.2024 at csaf@bsi.bund.de.

The workshops will be held together with the brand new CSAF Community Days.

CSAF Workshop prerequisites

Prerequisites for Participation in the Workshop

- The workshops are aimed at the target group: manufacturers, CERTs, research institutions, security researchers
- Joy of learning new things
- Interest in Security Advisories
- Very good knowledge of English, as the entire workshop will be held in English
- Mandatory basic knowledge of Command Line commands (for the majority of the tools used in the workshops)
- Knowledge of the CSAF standard (for the 2nd workshop)
- Programming knowledge in Python (for the 3rd workshop)

Which workshop should I attend?

You want to use CSAF in your organisation in the future but have little or no experience with the standard? Do you want to know what CSAF is, how to create valid CSAF advisories and what the standard can do for you, your organisation and your clients? You want to learn how to write CSAF-Advisories? Then the 1st workshop is just right for you. The knowledge you have gained will be put into practice in various exercises. Feel free to bring your questions and ask us.

Are you already using CSAF in your organisation and have gained experience? Or do you already have prior knowledge from the 1st workshop? You know CSAF and have already come across one or more special cases and just don’t know what to do? Then the 2nd workshop is just right for you. Here, specific questions about the standard and the format will be answered. We are happy to take your input and feedback regarding your previous experiences with the CSAF standard and answer them in the workshop. Here, too, the knowledge gained is applied practically in various exercises.

Would you like to know more about the distribution and automated retrieval of CSAF advisories? Have you heard of CSAF publishers, CSAF providers or CSAF aggregators? Do you want to make CSAF files available yourself, but don’t know how? Then you are welcome to register for workshop 3. This workshop also includes practical exercises to consolidate the knowledge you have gained. In addition, the distribution mechanism for CSAF documents, with the different roles, will be implemented by all participants in the workshop.

You are welcome to register for more than one workshop.

Workshops

Workshop 1: CSAF writing boot camp (for beginners)
09.12.2024 13:30-18:00 (Part 1)
10.12.2024 08:00-12:30 (Part 2)
(limited to 40 participants)

Workshop 2: The CSAF Writers' Guild - Advancing Your Experience
10.12.2024 13:30-18:00 (Part 1)
11.12.2024 08:00-12:30 (Part 2)
(limited to 40 participants)

Workshop 3: CSAF distribution - from scratch to publication
11.12.2024 13:30-18:00 (Part 1)
12.12.2024 08:00-12:30 (Part 2)
(limited to 40 participants)