Microsoft revamps how it will disclose vulnerabilities

Cybersecurity Dive reported on how Microsoft will be disclosing vulnerabilities using the Common Security Advisory Framework (CSAF) format. Here is the “dive brief”:

Dive Brief:

  • CSAF is a format that is machine readable, which helps organizations digest the CVEs faster and in larger volumes. Customers will still be able to get CVE updates through the Microsoft security update guide or through an API based on the Common Vulnerability Reporting Framework. The CVRF serves as the standard for disclosing vulnerability information. 

  • The CSAF rollout represents the third in a series of changes to make vulnerability disclosure more transparent at Microsoft. The company in June announced Cloud Service CVEs and in April said it would publish root cause analysis using the Common Weakness Enumeration standard.

You can see the details in the Cybersecurity Dive post. CSAF is a commonly used format, so this makes total sense.
