Re: [Last-Call] Last Call: (Discovering and Retrieving Software Transparency and Vulnerability Information) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear colleagues,

the draft currently lists in section 9.2 a reference to CSAF:

> [CSAF]     OASIS, "Common Security Advisory Format", July 2021,
>               <https://github.com/oasis-tcs/csaf>.

The correct name is "Common Security Advisory Framework". Please also update the link to the standard to https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html or https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html

Suggested:
> [CSAF]     OASIS, "Common Security Advisory Framework Version 2.0", November 2022,
>               <https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html>.

I guess a similar comment applies to CVRF which is currently listed as:

>   [CVRF]     Santos, O., Ed., "Common Vulnerability Reporting Framework
>              (CVRF) Version 1.2", September 2017, <https://docs.oasis-
>              open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>.

But instead should be:

>   [CVRF]     OASIS , "Common Vulnerability Reporting Framework
>              (CVRF) Version 1.2", September 2017, <https://docs.oasis-
>              open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>.

You could add the editors for both as well - but I'm not too sure what the recommended format from IEFT looks like.

Kind regards,
Thomas Schmidt

-- 
Thomas Schmidt

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux