Dear colleagues, the draft currently lists in section 9.2 a reference to CSAF: > [CSAF] OASIS, "Common Security Advisory Format", July 2021, > <https://github.com/oasis-tcs/csaf>. The correct name is "Common Security Advisory Framework". Please also update the link to the standard to https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html or https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html Suggested: > [CSAF] OASIS, "Common Security Advisory Framework Version 2.0", November 2022, > <https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html>. I guess a similar comment applies to CVRF which is currently listed as: > [CVRF] Santos, O., Ed., "Common Vulnerability Reporting Framework > (CVRF) Version 1.2", September 2017, <https://docs.oasis- > open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>. But instead should be: > [CVRF] OASIS , "Common Vulnerability Reporting Framework > (CVRF) Version 1.2", September 2017, <https://docs.oasis- > open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>. You could add the editors for both as well - but I'm not too sure what the recommended format from IEFT looks like. Kind regards, Thomas Schmidt -- Thomas Schmidt -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
