OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code
We have no problems with the schema itself, all of the required fields and values make sense and will fit nicely within our own notification template. Our chief concern is with automation. With the plethora of information needed for the CSAF schema and the large number of notifications that we send on a monthly basis, creating these files will be a very time-consuming task. We are hoping to see an upload feature added to the Secvisogram utility which will generate the CSAF JSON from an uploaded csv or docx file. We would like to see this concern addressed in future iterations of the tool.
Proposal
The TC will consider the feedback and this issue will allow to track progress publicly.
We are in the process of providing CSAF Content Management System that can be used to aid in creation of advisories. The tool is available at secvisogram/csaf-cms-backend.
Feedback
Proposal
The TC will consider the feedback and this issue will allow to track progress publicly.
In addition, the editor @sthagen suggests to forward this concern as feature request to the secvisogram community at https://github.com/secvisogram/secvisogram
Scope CSDPR01 Comment
Received from Patrick Fuller of Schneider Electric per https://lists.oasis-open.org/archives/csaf-comment/202109/msg00001.html