Cisco Blogs
Share

CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available


September 21, 2017 - 2 Comments

I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the practices for structured machine-readable security vulnerability-related advisories. The CSAF TC is focusing all efforts to enhance the CVRF specification originally developed by the Industry Consortium for Advancement of Security on the Internet (ICASI). The CVRF language supports the creation, update, and interoperable exchange of security advisories as structured machine-readable content.

The CVRF version 1.2 committee specification provides support for Common Vulnerability Scoring System version 3 (CVSSv3) scores, new namespaces, and enhanced documentation.

The prose specifications and related files are available at the following links:

You can also obtain additional information at the CSAF TC GitHub Repository: https://github.com/oasis-tcs/csaf

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

2 Comments

  1. Congratulations! Thank you for sharing the new development on the new version of CSAF Common Vulnerability Reporting Framework (CVRF) .

  2. Thanks Císco / Santos, I very usefull ... Quynh