search

oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code
https://github.com/oasis-tcs/csaf
Other
142 stars 38 forks source link

Call for assisted input technology to mitigate complexity and support automation #359

Open sthagen opened 3 years ago

sthagen commented 3 years ago

Feedback

We have no problems with the schema itself, all of the required fields and values make sense and will fit nicely within our own notification template. Our chief concern is with automation. With the plethora of information needed for the CSAF schema and the large number of notifications that we send on a monthly basis, creating these files will be a very time-consuming task. We are hoping to see an upload feature added to the Secvisogram utility which will generate the CSAF JSON from an uploaded csv or docx file. We would like to see this concern addressed in future iterations of the tool.

Proposal

The TC will consider the feedback and this issue will allow to track progress publicly.

In addition, the editor @sthagen suggests to forward this concern as feature request to the secvisogram community at https://github.com/secvisogram/secvisogram

Scope CSDPR01 Comment

Received from Patrick Fuller of Schneider Electric per https://lists.oasis-open.org/archives/csaf-comment/202109/msg00001.html

tschmidtb51 commented 1 year ago

We are in the process of providing CSAF Content Management System that can be used to aid in creation of advisories. The tool is available at secvisogram/csaf-cms-backend.