12-15 December, 2023
Location: Germany, Information Security Hub at Munich Airport (Südallee 1, 85356 München, Germany)

Exclusive Workshops and Ask-the-Expert Sessions about the Common Security Advisory Framework (CSAF)

Vulnerabilities in hardware and software are omnipresent. After all, all software and hardware is flawed beyond a certain level of complexity, and such flaws can potentially lead to security-relevant vulnerabilities that are exploited accordingly. Such security-relevant vulnerabilities are like open wounds. They need to be taken care of. To do this, it must be known where the “wound” is located, what kind of “wound” it is and how it can be healed or at least initially treated as quickly as possible.

The digital solution for all these issues is CSAF (https://csaf.io): The Common Security Advisory Framework (CSAF) is a standardised and open-source framework for the communication and automated distribution of machine-processable vulnerability and mitigation information, so-called security advisories or security information.

CSAF significantly reduces the manual effort required to search for security information and to determine whether products are affected or not. It allows manufacturers, users, operators and the administration to automatically retrieve information on individual vulnerabilities and to determine whether they are affected. Being not affected can also be communicated in a scalable manner (Vulnerability Exploitability eXchange (VEX) as a profile in CSAF). In the course of an increasingly networked and complex world, the number of security-relevant vulnerabilities will grow significantly and modern vulnerability management using CSAF documents will become indispensable. The BSI promotes and demands CSAF and is organising a total of three free workshops and Ask-the-Expert sessions on the topic of CSAF (Common Security Advisory Framework) as part of the ACS (Alliance for Cyber Security), from 12.12.23 to 15.12.23.

All workshops will be recorded and afterwards edited for teaching purposes and made publicly available. No personal data of participants will be processed or disclosed in the publicly available videos. The workshops will be held in English and in presence.

All workshops are limited to 40 participants. Secure your place quickly (first come, first served) and register by 27.11.2023 at csaf@bsi.bund.de.

The Ask-the-Expert sessions will be held in English. Virtual participation is possible for the sessions (not the workshops) - there is no limit to the number of participants.

CSAF Workshop prerequisites

Prerequisites for Participation in the Workshop

- The workshops are aimed at the target group: manufacturers, CERTs, research institutions, security researchers
- Joy of learning new things
- Interest in Security Advisories
- Very good knowledge of English, as the entire workshop will be held in English
- Mandatory basic knowledge of Command Line commands (for the majority of the tools used in the workshops)
- Knowledge of the CSAF standard (for the 2nd workshop)
- Programming knowledge in Python (for the 3rd workshop)

Which workshop should I attend?

Do you want to use CSAF in your organisation in the future but have little or no experience with the standard? Do you want to know what CSAF is, how to create valid CSAF advisories and what the standard can do for you, your organisation and your clients? Do you want to learn how to write CSAF advisories? Then the 1st workshop is just right for you. The knowledge you have gained will be put into practice in various exercises. Feel free to bring your questions and ask us.

Are you already using CSAF in your organisation and have gained experience? Or do you already have prior knowledge from the 1st workshop? You know CSAF and have already come across one or more special cases and just don’t know what to do? Then the 2nd workshop is just right for you. Here, specific questions about the standard and the format will be answered. We are happy to take your input and feedback regarding your previous experiences with the CSAF standard and answer them in the workshop. Here, too, the knowledge gained is applied practically in various exercises.

Would you like to know more about the distribution and automated retrieval of CSAF advisories? Have you heard of CSAF publishers, CSAF providers or CSAF aggregators? Do you want to make CSAF files available yourself, but don’t know how? Then you are welcome to register for workshop 3. This workshop also includes practical exercises to consolidate the knowledge you have gained. In addition, the distribution mechanism for CSAF documents, with the different roles, will be implemented by all participants in the workshop.

You are welcome to register for more than one workshop.


Workshop 1: CSAF writing boot camp (for beginners)
12.12.2023 - 13.12.2023
13:30-18:00 and 8:00-12:30
(limited to 40 participants)

Workshop 2: The CSAF Writer Guild - Advancing Your Experience
13.12.2023 - 14.12.2023
13:30-18:00 and 8:00-12:30
(limited to 40 participants)

Workshop 3: CSAF distribution - from scratch to publication
14.12.2023 - 15.12.2023
13:30-18:00 and 8:00-12:30
(limited to 40 participants)

Ask-the-Expert Sessions

Session 1: Ask-the-Expert-Session (virtual)
11.12.2023, 17-18:00

Session 2: Ask-the-Expert session (onsite and virtual)
15.12.2023 14:00-16:30