Open santosomar opened 2 years ago
CERT/CC is currently using CSAF as a rich vulnerability format for representing all the information in our Vulnerability Notice https://kb.cert.org/vuls/ in a machine-readable format. Each Vulnerability Note is available both before public release (via Private authenticated API) and after public release (via Public API) in CSAF format. More information is available from Vul Note Public API and Vul Note Private API.
We are also exploring some use cases with our Vultron protocol and the potential use of CSAF for a more thorough analysis of the CVD process; see the Vultron Blog for more details of the proposed protocol. This long-term plan for CSAF includes several activities, like normalizing the collection of vulnerability information from security researchers, gathering product status from vendors, and finally collecting all metadata related to a vulnerability from external stakeholders (blogs, patches/workarounds, scores CVSS/SSVC, GitHub SA GHSA, exploits and threats) in order to manage the lifecycle of a vulnerability or a set of related vulnerabilities.
Create short videos (~2 minutes long) explaining the content described in the title of this issue. This issue is tracked in the parent issue #30.