-
-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a link to the human and machine readable security advisories #209
Comments
In case it's of interest, there is an emerging discussion at the following link on how to communicate advisories in a format called VEX:
Perhaps in some iteration of the security.txt standard, it might suggest that such advisories when linked in a security.txt file SHOULD comply with the VEX format. |
Makes sense. FYI: The VEX community, NTIA and CSAF TC are working together. VEX is supported in CSAF. CSAF is one of the first standards supporting VEX. Some examples here. |
Being that the draft is in final review by the IETF / IESG, and this can be done via a new registry field, going to recommend delaying this until the registry is up and running |
Absolutely! Thank you so much for the consideration. |
To follow up on this... This is a good suggestion by @tschmidtb51
Reasoning: All other keywords are one word. CVRF didn't have a specification where and how to find those documents, CSAF does. |
CSAF field has been added to the registry |
Excellent! Thank you so much for your support! |
This may go hand-in-hand with #200 . The request is to add a link to the machine readable and human readable advisories of a company. For example:
Some vendors also have an API (such as https://developer.cisco.com/psirt/), but unfortunately, only just a very few do.
The text was updated successfully, but these errors were encountered: