A few months ago, I wrote about the new OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC). The purpose of the CSAF Technical Committee is to standardize the practices for structured machine-readable security vulnerability-related advisories. And then we will further refine those standards over time.

The Common Vulnerability Reporting Framework (CVRF) Version 1.2, the first release from the OASIS CSAF TC, is now available for public review and comment.

The official OASIS announcement can be found at the following link: http://cs.co/90058WMhL

The following are the links to the CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 Committee Specification Draft 01 / Public Review Draft 01 documents:

Please refer to the OASIS announcement site for further information on how to participate and provide comments.


Omar Santos

Distinguished Engineer

Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations