This is a significant announcement from CISA that removes all doubt about how to report on software vulnerabilities using a machine readable standard format, CSAF Security Advisories (profile 4). This is significant because CISA also provides actual examples of CSAF Security Advisories in machine readable format. This will help guide the software industry on how to report new software vulnerabilities that affect software products in commercial use, which represent the most likely cyber-risks.
This announcement removes a cloud of uncertainty as to how companies should report on known exploited software vulnerabilities to help customers automate mitigation response when a new vulnerability is reported. Thanks to Allan, Lindsey and the entire Vulnerability Team at CISA for providing this clear, formal guidance on how to report on software vulnerabilities using a machine readable standard, CSAF Security Advisories (profile 4).

https://www.cisa.gov/news-events/news/transforming-vulnerability-management-cisa-adds-oasis-csaf-20-standard-ics-advisories

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership
<https://reliableenergyanalytics.com/products>
Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788
