CVRF vs. CSAF

Jonathan Long · ‎11-07-2023

Are there future plans to create integrations for CSAF(Common Security Advisory Framework) JSON format since the CVRF(Common Vulnerability Reporting) XML format has been superceded by CSAF?

Sagar28 · ‎11-07-2023

Hi @Jonathan Long , we have already open an Idea against this one here . Can please upvote same and I will inform relevant PM internally?

Sarath S · ‎11-07-2023

Hi @Jonathan Long , During my earlier research in 2023, many vendors were yet to support the CSAF framework; hence, we decided to wait until there is wider adoption of the new framework by vendors. If CSAF integration is supported, to which vendors' data would you be subscribing? Are you considering incorporating solutions data, and if so, how do you plan to further utilize the solution information?

Thanks,

Sarath S
Product Manager, vulnerability Response

Jonathan Long · ‎11-08-2023

Thanks for the response. I figured it was rather early to tell if that catches on, the company I partner with was just reviewing Oracle's indication of the shift to the newer format. Not sure about the utilization of the solution information other than it to be available within VR for review

.