Cybersecuritydive posted how Microsoft will be disclosing vulnerabilities using the CSAF format. Here is the “dive brief”
Dive Brief:
- Microsoft will disclose vulnerabilities under the Common Security Advisory Framework, a move designed to help customers respond and remediate CVEs in a more efficient manner, the company said this week.
- CSAF is a format that is machine readable, which helps organizations digest the CVEs faster and in larger volumes. Customers will still be able to get CVE updates through the Microsoft security update guide or through an API based on the Common Vulnerability Reporting Framework. The CVRF serves as the standard for disclosing vulnerability information.
- The CSAF rollout represents the third in a series of changes to make vulnerability disclosure more transparent at Microsoft. The company in June announced Cloud Service CVEs and in April said it would publish root cause analysis using the Common Weakness Enumeration standard.
You can see the details on the cybersecuritydive post found HERE. CSAF is a commonly used format so this makes total sense.