-
It looks like the current version (3.0.0-beta1; but it might have existed in previous version), does not evaluated the format contraints. This was discovered when checking https://github.com/cisagov/C…
-
Hello TC,
In the course of integrating a CSAF trusted provider into the [Juice Shop](https://github.com/juice-shop/juice-shop/issues/2198), I encountered a reference to cryptographic material, `pub…
-
Displaying https://csaf-poc.github.io/csaf_webview/feed?q=https://csaf.data.security.nozominetworks.com/provider-metadata.json
and clicking on "Distribution 1" gives me a crash with 1.0.0 and the …
-
Currently, we don't list CSAF provider with empty feeds in our `csaf_aggregator`. However, that might be helpful to advertise their existence. We need to consider, whether that should be implemented f…
-
The Common Security Advisory Framework Version 2.0 is now an approved specification in the industry. Details about the specification can be found at: https://csaf.io and https://docs.oasis-open.org/cs…
-
In the aggregator schema, we use the pattern
https://github.com/oasis-tcs/csaf/blob/5757eeb192f30dbf1752d15365e335c3408ce4df/csaf_2.0/json_schema/aggregator_json_schema.json#L13
I was informed …
-
This reply is from Marcus Meissner from Suse
```
Hi,
FWIW. the backports data in the yaml directory is no longer generated
and I have now deleted the data. Our PM only wishes that we publish da…
-
in version 1.2 (http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html#_Toc493508771)
section 5.1.3
This section indicates that the prod:Relationship element would contain ON…
-
Hi,
To improve the vision of CSAF, I've opened an [issue](https://github.com/juice-shop/juice-shop/issues/2198) for the OWASP Juice Shop. As a core team member of the OWASP Juice Shop, I'm planning…
-
I would like to propose that the CVE JSON 5.0 schema implement the CSAF/VEX schema as well. This would make it much easier for vendors that act as CNAs to issue CVEs for their products but also provi…