CVRF vs. CSAF

Jonathan Long
Tera Contributor

Are there future plans to create integrations for CSAF(Common Security Advisory Framework) JSON format since the CVRF(Common Vulnerability Reporting) XML format has been superceded by CSAF? 

3 REPLIES 3

Sagar28
ServiceNow Employee
ServiceNow Employee

Hi @Jonathan Long , we have already open an Idea against this one here . Can please upvote same and I will inform relevant PM internally?

Sarath S
ServiceNow Employee
ServiceNow Employee

Hi @Jonathan Long , During my earlier research in 2023, many vendors were yet to support the CSAF framework; hence, we decided to wait until there is wider adoption of the new framework by vendors. If CSAF integration is supported, to which vendors' data would you be subscribing? Are you considering incorporating solutions data, and if so, how do you plan to further utilize the solution information?

 

Thanks,

Sarath S
Product Manager, vulnerability Response

Jonathan Long
Tera Contributor

Thanks for the response. I figured it was rather early to tell if that catches on,  the company I partner with was just reviewing Oracle's indication of the shift to the newer format.  Not sure about the utilization of the solution information other than it to be available within VR for review

.