CSAF enhancements reflect Embargo, Expected Date Public and Vendor Involvements. #55

Closed
sei-vsarvepalli opened this issue Sep 23, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@sei-vsarvepalli
Contributor

CSAF producer methods currently do include the following information that is present in Vulnerability Advisories from VINCE https://kb.cert.org/vuls/ .

The proposed updates should include:

  1. Use vulnerability[]/release_date to provide a date in the future for Embargoed/private CSAF documents via the private authenticated API. The vulnerability release_date in CSAF format is to be copied from "Expected Date Public".
  2. Add TLP statements to the CSAF document for the private authenticated API (Section 3.2.1.5.2 of the CSAF guidance doc).
  3. Add a disclosure timeline and include vendors who have been notified and have not responded to a vulnerability disclosure, as per section 3.2.3.7.

See Issue in @oasis-tcs for discussion.
oasis-tcs/csaf#586
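
One way the three proposed fields could be populated, as an added example that is not code from this project or from the issue author. The input dict, its field names, the function names and the status mapping for vendors are assumptions; the output keys (`distribution.tlp.label`, `release_date`, `involvements` with `party`/`status`/`date`/`summary`) are CSAF 2.0 fields.

```python
from datetime import datetime, timezone

TLP_LABELS = {"WHITE", "GREEN", "AMBER", "RED"}  # CSAF 2.0 TLP label values
UTC = timezone.utc

# Constructed sample case; field names are hypothetical, not VINCE's data model.
SAMPLE_CASE = {
    "expected_date_public": datetime(2022, 11, 1, 12, 0, tzinfo=UTC),
    "vendors": [
        {"name": "Vendor A", "notified_at": datetime(2022, 9, 1, tzinfo=UTC),
         "responded_at": datetime(2022, 9, 5, tzinfo=UTC)},
        {"name": "Vendor B", "notified_at": datetime(2022, 9, 1, tzinfo=UTC),
         "responded_at": None},
    ],
}


def rfc3339(dt):
    """CSAF date-time fields are RFC 3339 strings; normalise to UTC."""
    if dt.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    return dt.astimezone(UTC).strftime("%Y-%m-%dT%H:%M:%SZ")


def csaf_embargo_fields(case, now, tlp_label="AMBER"):
    """Return the CSAF fragments touched by the three proposed updates."""
    if tlp_label not in TLP_LABELS:
        raise ValueError(f"unknown TLP label: {tlp_label}")
    public = case["expected_date_public"]
    # Guard: a document still under embargo must not go out marked TLP:WHITE.
    if public > now and tlp_label == "WHITE":
        raise ValueError("embargoed document cannot be TLP:WHITE")
    involvements = []
    for v in case["vendors"]:
        responded = v["responded_at"] is not None
        involvements.append({
            "party": "vendor",
            # Assumed mapping: reply seen -> in_progress, none -> contact_attempted.
            "status": "in_progress" if responded else "contact_attempted",
            "date": rfc3339(v["responded_at"] if responded else v["notified_at"]),
            # CSAF involvements carry no vendor-name field, so name it in summary.
            "summary": v["name"] + (" responded" if responded else " notified, no response"),
        })
    return {
        "document": {"distribution": {"tlp": {"label": tlp_label}}},
        "vulnerabilities": [{"release_date": rfc3339(public),
                             "involvements": involvements}],
    }
```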
