The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories. It plays a crucial role in the cybersecurity arena since it allows stakeholders to automate the creation and consumption of security vulnerability information and remediation.
CERT@VDE has also advanced and implemented CSAF development as part of the BMBF-funded ZENSIM project (https://zensim-project.de/).
Providing CSAF documents
A collection of tools has been developed to support the CSAF standard. One of these tools, the csaf_provider, implements the role 'CSAF Trusted Provider' and offers the technical basis to fulfill the requirements when distributing CSAF documents.
We (CERT@VDE) will offer CSAF advisories in Q1 of 2024. Besides operating CSAF Trusted Providers for ourselves and our partners, we plan to offer a hosted CSAF Provider service for interested organizations.
This paid service will offer a dedicated csaf_provider instance for your company and include:
- setup and operation of your csaf_provider
- handling of SSL and, optionally, of the PGP and client certificates needed for secure operation with the csaf_uploader
All you then have to do is:
1. Have security.txt in place on your website that points to your CSAF Trusted Provider hosted with us. (5)
2. Generate valid CSAF documents and publish them with the csaf_uploader whenever you wish.
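A pre-publication check for step 1, as an added example (not CERT@VDE's or the csaf_provider project's code): it reads a security.txt, extracts every `CSAF` field and verifies that each one is an `https://` URL pointing to a `provider-metadata.json`, which is how CSAF 2.0 expects the field to be used. The sample file, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample security.txt; hosts and paths are placeholders.
SAMPLE = """\
# security.txt for example.com (constructed sample)
Contact: mailto:psirt@example.com
Expires: 2030-01-01T00:00:00Z
csaf: https://csaf.provider.example/.well-known/csaf/provider-metadata.json
CSAF: http://example.com/csaf/provider-metadata.json
CSAF: https://example.com/advisories/index.html
"""

FIELD = re.compile(r"^([A-Za-z0-9-]+):\s*(\S.*?)\s*$")

def csaf_fields(text):
    """Return the value of every CSAF field (RFC 9116 field names are case-insensitive)."""
    values = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = FIELD.match(line)
        if m and m.group(1).lower() == "csaf":
            values.append(m.group(2))
    return values

def check_csaf_field(url):
    """Return the problems found in one CSAF field value; an empty list means it passes."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("must begin with https://")
    if not parts.netloc:
        problems.append("no host")
    if parts.path.rsplit("/", 1)[-1] != "provider-metadata.json":
        problems.append("does not point to provider-metadata.json")
    return problems

def audit(text):
    """Map each CSAF field value to its problems; flag a file with no CSAF field at all."""
    fields = csaf_fields(text)
    if not fields:
        return {"<file>": ["no CSAF field present"]}
    return {url: check_csaf_field(url) for url in fields}

if __name__ == "__main__":
    for url, problems in audit(SAMPLE).items():
        print("FAIL" if problems else "OK  ", url, "; ".join(problems))
```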
Interested? Email us at email@example.com.