The following is an excerpt of the CSAF TC Charter:
Statement of Purpose
The current threat landscape combined with the emergence of the Internet of Things have profoundly changed how we protect our systems and people, driving us to think about a new approach to cybersecurity, especially around vendor advisories dealing with vulnerability disclosure issues. The purpose of the CSAF Technical Committee is to standardize existing practice in structured machine-readable security vulnerability-related advisories and further refine those standards over time.
The TC will base its efforts on the Common Vulnerability Reporting Framework (CVRF) specification originally developed by the Industry Consortium for Advancement of Security on the Internet (ICASI). ICASI intends to contribute CVRF to the TC. Prior to creation of the TC, the CVRF standard has been adopted by several technology vendors and MITRE, which produce information in the CVRF format. Additionally, a number of organizations are consuming information produced in the CVRF format. By building upon the existing CVRF standard, the TC can offer immediate value and quickly support future development to improve the interoperability and utility of the framework in support of providing structured machine-readable security advisories.
Scope of Work
The TC will use CVRF 1.1 as the basis for creating OASIS Standards Track Work Products. One important consideration will be attempting to maintain backwards compatibility with CVRF 1.1, where possible, by carefully considering changes to the input specifications and minimizing the impact to existing implementations. Another important consideration will be to ensure that the specification provides for sufficient interoperability to allow any consuming application to reliably process vulnerability-related remediation advisories from multiple sources without special semantic handling for each source.
The TC will develop format specifications for structured, machine-readable security vulnerability-related security advisories under the OASIS TC process, with the goal of submitting them at the appropriate time to the membership of the organization for consideration as an OASIS Standard. Other contributions will be accepted for consideration without any prejudice or restrictions and evaluated based on technical merit insofar as they conform to this charter.
The TC will make substantive additions and other changes to the CVRF input specification to correct errors and evolve capabilities based on requirements and capabilities identified by OASIS TC members. The TC will rename the framework to more closely align to the primary use (e.g., Common Security Advisory Framework - CSAF). Deliverables will include a major revision of the framework. In addition to the specification deliverables, the TC may deliver supporting documentation and open source tooling on an ongoing basis in support of the TC's published standard(s). The TC expects to produce a major revision of the framework within 18 months of its first meeting.
Hi Team, I have a requirement to create a user in CUCM with the help of using AXLAPIs.Can anyone please guide me how to proceed further which is the need of below mentioned:which api I need to call to create a userthe sample url and how to communicat...
Hello everybody. Regarding the CASE API (https://developer.cisco.com/docs/support-apis/#!case), is there a way for gathering cases that belong to a specific customer? The API has only GET based on case ID, contract and user assigned. If not, is there...
Hello,Using the Product Information API and based on documentation below.orderable_statushas 3 possible values O = ORDERABLEN = NON_ORDERABLEEOX = End of LifeBut in my query it always shows empty.Cisco Public------------------------------------"produ...
Hi all, I am currently trying to retrieve information from Cisco CCW-R's REST API as described on devnet, using the APIs on the developer portal. I keep getting responses that my application's access to the API has been revoked. Is there a special pr...
Hi Team,I am trying to get bug information using api with bug id ex.https://api.cisco.com/bug/v2.0/bugs/bug_ids/CSCdr72939.But i am getting not authorized message. Step I flowed.1, Got access to PSIRT openVuln API from API console2, Using ID and Key ...