CSAF

Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories. It plays a crucial role in the cybersecurity arena since it allows stakeholders to automate the creation and consumption of security vulnerability information and remediation... The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON. The term Security Advisory describes any notification of security issues in products to or from product vendors, Product Security Incident Response Teams (PSIRTs), product resellers and distributors, and others. The focus of the term is on the security aspect impacting specific product-platform-version combinations. Developers of security scanning tools in particular are likely to find CSAF files most useful. CSAF supports the Vulnerability Exploitability eXchange (VEX) as a Profile and it is crucial in the software bill of materials (SBOM) ecosystem.

Also known as: OASIS CSAF TC