tschmidtb51
tschmidtb51
One really cool thing about CSAF is the distribution and the discovery. We should add that somewhere. Maybe do a video to explain it?
It would be beneficial to add a FAQ section. Questions could be: - What is CSAF? - Which problem is addressed by CSAF? - Can I use CSAF? - Does...
As we have the CSD in PR we should link to https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json instead https://github.com/oasis-tcs/csaf/tree/master/csaf_2.0/json_schema. We should also consider to add the other (aggregator and provider-metadata) schemas somewhere.
The [SecurityTXT project](https://securitytxt.org) provides an online generator for their file format. We should have something similar for th `provider-metadata.json`. Maybe we could generate that with GH-Pages or as a standalone...
I think we should add some How-Tos, e.g.: - How to deal with a Hotfix in the `product_tree` - How to use `product_status` I attached a file [CSAF_TC_Example_Hotfix_2021_0001.json.txt](https://github.com/oasis-open/csaf-documentation/files/6429005/CSAF_TC_Example_Hotfix_2021_0001.json.txt) which shows...
I had a quick look at the CSAF files produced by CERT/CC's VINCE instance: The `revision_history` and `/document/tracking/version` information differs from the human readable advisory, e.g. `VU#572615`: CSAF: ``` "revision_history":...
I have the vision that VINCE should be federated. This would help to transport/share information between different VINCE instances (of different countries) - especially in joined cases. (Just think about...
In our coordination, we have a "standard process" that we apply for (almost) every coordination. It would be nice, if we could have a customizable workflow. For example (a rough...
Currently, the `csaf_checker` does not report if one of the fields in a `changes.csv` is not quoted. Can we change that to report this violation?
Currently, we need to find a valid PMD to run the checks. However, that does not help the user, if he made a mistake in creating the PMD. We should...