Uploaded image for project: 'OASIS Common Security Advisory Framework (CSAF) TC'
  1. OASIS Common Security Advisory Framework (CSAF) TC
  2. CSAF-6

Analysis of "EISPP Common Advisory Format" and any possible relation to CSAF work products

    XMLWordPrintable

    Details

    • Type: Task
    • Status: New
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:

      [New]

      Description

      This issue (task) is one of many similar formal issues formalizing the TCs process to analyse similar work.
      It deals with the analysis of the "EISPP Common Advisory Format" (cf. http://www.cert-ist.com/eispp/documents.htm#common_format ),
      which has been named explicitedly as similar work in section (2)(a) "Identification of Similar Work"
      of the "OASIS Common Security Advisory Framework (CSAF) Technical Committee Charter" (cf. http://www.oasis-open.org/committees/csaf/charter.php ).

      This issue allows us to track and document progress and findings of the CSAF TC of the following:

      1. understand and summarize EISPP
      2. ensure synergy potentials are identified
      3. discussion of the relation to and reaction on EISPP
      4. documentation of result

      When checked at 2016-11-24 the (HTML format) document tree root referenced existed at the URL http://www.cert-ist.com/eispp/documents.htm#common_format and some bibliographic data identified was:

      URL = http://www.cert-ist.com/eispp/documents.htm#common_format
      Authors/Editors = N.N.
      AuthorInstitution = N.N. / IST / EISPP Consortium
      DocumentDate = 2004-05-20

      DocumentTitle = VULDEF: The VULnerability Data publication and Exchange Format data model
      DocumentStatus ==
      """
      This document describes a corner stone of the EISPP approach towards supplying
      SMEs with security advisories: a common advisory format, which will enable an easy
      exchange of advisory data between the four CERTs participating in EISPP.
      The advisory format merges the best-practice information regarding security
      advisories of these four CERTs.
      """
      DocumentCopyright = "©EISPP Consortium"

      Abstract ==
      """ (content taken from Executive Summary of LinkedData::Instance[1])
      The European Information Security Promotion Programme (EISPP) strives
      to set up a network of expertise with the aim of providing European
      SMEs with those IT Security services that give them the necessary trust
      in e-commerce to develop their businesses in that direction.
      EISPP is a project fund by the EU through the fifth European Framework
      Program within the thematic program Information Society Technologies (IST).
      Further information about EISPP can be found at its website, http://www.eispp.org/.

      Probably the most important security service SMEs have to be provided with,
      is an advisory service, i.e., the distribution of so-called security
      advisories that provides system administrators with precise and timely
      information about new vulnerabilities and what can be done against them.
      Such information is absolutely essential for IT security, because new
      vulnerabilities are discovered on a daily basis. IT systems can only
      be kept secure, if they are regularly upgraded or patched such that the
      latest security holes are closed again.

      This document describes a corner stone of the EISPP approach towards
      supplying SMEs with security advisories: a common advisory format,
      which will enable an easy exchange of advisory data between the four
      CERTs participating in EISPP. The advisory format merges the best-practice
      information regarding security advisories of these four CERTs.

      The format is defined using XML, so the various standards and standard
      tools of the XML-family can be used for advisory processing.
      The XML data-type description of this (and future versions) of the format,
      together with sample XSLT style sheets for displaying advisory data,
      are made publicly available on EISPP's website http://www.eispp.org.
      """

      LinkedDataInstanceCount = 3

      LinkedData::Instance[1]:
      LinkedData = http://www.cert-ist.com/eispp/commonformat_2_0.pdf
      LinkedDataDetails = EISPP Common Advisory Format Description
      LinkedDataId = EISPP-D3-001-TR
      LinkedDataVersion = "2.0"
      LinkedDAtaDate = 2004-05-20

      LinkedData::Instance[2]:
      LinkedData = http://www.cert-ist.com/eispp/valuelist_2_0.pdf
      LinkedDataDetails = EISPP Common Advisory Format Description: Value Lists
      LinkedDataId = EISPP-D3-001b-TR
      LinkedDataVersion = "2.0"
      LinkedDAtaDate = 2004-05-20

      LinkedData::Instance[3]:
      LinkedData = http://www.cert-ist.com/eispp/eispp_v20.dtd.txt
      LinkedDataDetails = Linked from entry document, contains dtd implementation of EISPP CAFD
      LinkedDataVersion = "2.0"

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sdrees Stefan Hagen
            • Watchers:
              1 Start watching this issue

              Dates

              • Due:
                Created:
                Updated: