< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
Call for consent of Common Security Advisory Framework Version 2.0 as an OASIS Standard

Common Security Advisory Framework Version 2.0 CS03 has been presented to the membership by the CSAF TC [1] as a candidate for OASIS Standard. Do you consent or object to its approval as an OS?

This document is the definitive reference for the language elements of CSAF version 2.0. The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON.

The term Security Advisory describes any notification of security issues in products to or from product vendors, Product Security Incident Response Teams (PSIRTs), product resellers and distributors, and others. The focus of the term is on the security aspect impacting specific product-platform-version combinations.

The TC received 3 Statements of Use from Oracle Corporation, TIBCO Software Inc., and Federal Office for Information Security (BSI) Germany [2].

This is a call to the Organizational Members of OASIS to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however your consent is assumed unless you register an objection [3]. To register an objection, you must:

1. Indicate your objection on this ballot, and

2. Provide a reason for your objection and/or a proposed remedy to the TC.

You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC's mailing list [4]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent. Note that failing to provide a reason and/or remedy may result in an objection being deemed invalid.

URIs:

The Committee Specification is available here:

Common Security Advisory Framework Version 2.0
Committee Specification 03
01 August 2022

Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.md

HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html

PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.zip

Please contact OASIS TC Administration at tc-admin@lists.oasis-open.org with any questions you may have about this ballot.

--- Additional information ---

[1] Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/

[2] Statements of use

- Oracle Corporation:
https://lists.oasis-open.org/archives/csaf/202208/msg00002.html

- TIBCO Software Inc.:
https://lists.oasis-open.org/archives/csaf/202208/msg00000.html

- Federal Office for Information Security (BSI) Germany:
https://lists.oasis-open.org/archives/csaf/202207/msg00024.html

[3] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent

[4] Comments may be submitted to the TC through the use of the OASIS TC Comment Facility as explained in the instructions located at https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=csaf

Comments submitted to the TC are publicly archived and can be viewed at https://lists.oasis-open.org/archives/csaf-comment/

Members of the TC should send comments directly to csaf@lists.oasis-open.org.

 [ ]  Consent
 [ ]  Object
Opening:   Saturday, 5 November 2022 @ 12:00 am UTC
Closing:   Friday, 18 November 2022 @ 11:59 pm UTC
Group:   OASIS organizational voting
Ballot has closed.

Referenced Items
Name Type Date Action
* 03732: Call for consent of Common Security Advisory Framework Version 2.0 as an OASIS Standard (143K)
Document
2022-11-18
No Access

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
Consent 22 100%
Object 0 0%
Eligible companies who have voted: 22 of 201 11%
Eligible companies who have abstained: 0 of 201 0%
Eligible companies who have not voted: 179 of 201 89%

Voting Details

Voter Company VoteReference Document and/or Comment
Florian Skopik (Pri)
AIT Austrian Institute of Technology
--
 
Maria Adamczyk (Pri)
AT&T
--
 
Robert Coderre (Pri)
Accenture
Consent
 
scott tester (Pri)
Acme Test Company
--
 
Vivek Kumar (Pri)
Adobe Systems
--
 
Abbie Barbir (Pri)
Aetna
--
 
Steve Benton (Pri)
Anomali
--
 
Cameron Esfahani (Pri)
Apple
--
 
Steve Magers (Pri)
Arista Networks
--
 
Jim Price (Pri)
Arizona Supreme Court
--
 
Antonio Di Perna (Pri)
BankUnited, N.A.
--
 
Alvaro Sandoval (Pri)
Biblioteca del Congreso Nacional de Chile
--
 
Jim Tivy (Pri)
Bluestream
--
 
Karl Hribernik (Pri)
Bremen Institut fur Produktion und Logisti...
--
 
Bret Jordan (Pri)
Bret Jordan
Consent
 
Heather Kanser (Pri)
Broadcom
--
 
Martin Zádník (Pri)
CESNET, z. s. p. o.
--
 
Alexandre Dulaunoy (Pri)
CIRCL
--
 
Arsalan Iqbal (Pri)
CTM360
--
 
Laurie Tyzenhaus (Alt)
Carnegie Mellon University
Consent
 
Adelyn Zhou (Pri)
Chainlink
--
 
Narendra Vad (Pri)
Cisco Systems
Consent
 
Matthew Reed (Pri)
Coelition
--
 
Dawn Stevens (Pri)
Comtech Services, Inc.
--
 
John Wolpert (Pri)
Consensys AG
--
 
Jeff Williams (Pri)
Contrast Security
--
 
Daniel Riedel (Pri)
Copado
--
 
Tim Hudson (Pri)
Cryptsoft Pty Ltd.
--
 
Dmitry Raidman (Pri)
Cybeats
--
 
Jane Ginn (Pri)
Cyber Threat Intelligence Network, Inc. (C...
Consent
 
Anuj Goel (Pri)
Cyware Labs
--
 
Preston Werntz (Pri)
DHS Cybersecurity and Infrastructure Secur...
Consent
 
Ole Madsen (Pri)
Danish Business Authority
--
 
Paul Patrick (Pri)
DarkLight, Inc.
Consent
 
Len Vitello (Pri)
DataBrains, Inc
--
 
Judith Furlong (Pri)
Dell
Consent
 
Sigbjorn Berntzen (Pri)
Directorate of Labour and Welfare Norway
--
 
Mark Wood (Pri)
Disaster Relief Communications Foundation
--
 
Zaiming Shi (Pri)
EMQ Technologies Co., Ltd.
--
 
Andreas Schaffhauser (Pri)
EUMETNET
--
 
James Canterbury (Pri)
EYGS LLP
--
 
Aukjan van Belkum (Pri)
EclecticIQ
--
 
Matt Wakefield (Pri)
Electric Power Research Institute (EPRI)
--
 
Mark Nixon (Pri)
Emerson Process Management
--
 
Thomas Sigdestad (Pri)
Enonic
--
 
Mario Ouellet (Pri)
Environment Canada
--
 
Daniel Norkin (Pri)
Envision Blockchain Solutions LLC
--
 
Gary Egner (Pri)
Equivant
Consent
 
Carolina Canales-Valenzuela (Pri)
Ericsson
--
 
Olivier Leboeuf (Pri)
European Parliament
--
 
Pavel Rychly (Pri)
Faculty of Informatics Masaryk University
--
 
Thomas Schmidt (Pri)
Federal Office for Information Security (B...
Consent
 
Kendall Miller (Pri)
File & ServeXpress
--
 
Chris Ricard (Pri)
Financial Services Information Sharing and...
--
 
Andrew Cummings (Pri)
ForAllSecure Inc
--
 
Charles White (Pri)
Fornetix
--
 
Daniel Mallmann (Pri)
Forschungszentrum Juelich GmbH
--
 
Francisco de Andrés Pérez (Pri)
Francisco Luis de Andrés Pérez
Consent
 
Makiko Shimamura (Pri)
Fujitsu Limited
--
 
Patrik Jonasson (Pri)
GS1 AISBL
--
 
John Wandelt (Pri)
Georgia Tech Research Institute
--
 
Jeremy Allison (Pri)
Google Inc.
--
 
Paul Anderson (Pri)
GrammaTech, Inc.
--
 
Pierre-Jean Lautier (Pri)
HARMAN
--
 
Bill Burns (Pri)
HP Inc.
--
 
Bojan Simic (Pri)
HYPR CORP
--
 
Jeff Vernon (Pri)
HaasOnline
Consent
 
Christoph Meinel (Pri)
Hasso Plattner Institute
--
 
Priya Mysore (Pri)
Healthwise
--
 
Shiva Dasari (Pri)
Hewlett Packard Enterprise (HPE)
--
 
Akihito Sawada (Pri)
Hitachi, Ltd.
--
 
Christian Goetz (Pri)
HiveMQ GmbH
--
 
Fang You (Pri)
Huawei Technologies Co., Ltd.
--
 
Jason Keirstead (Pri)
IBM
--
 
Sid Baccam (Pri)
IEM
--
 
Ashwini Jarral (Pri)
IJIS Institute
--
 
Eric Sirois (Pri)
IXIASOFT
--
 
Ryan Foley (Pri)
ImageSoft, Inc.
--
 
Michael Priestley (Pri)
Individual
--
 
James Cabral (Pri)
InfoTrack US
--
 
Michael Markowitz (Pri)
Information Security Corporation
--
 
Philippe Merle (Pri)
Inria
--
 
Michelle Stout (Pri)
Intel Corp.
--
 
Katalin Bartfai-Walcott (Pri)
Intel Corporation
--
 
Steve Olshansky (Pri)
Internet Society (ISOC)
--
 
Ken Klingenstein (Pri)
Internet2
--
 
Stephen Chin (Pri)
JFrog
--
 
Damian Tamburri (Pri)
Jheronimus Academy of Data Science (JADS)
--
 
Christian Stoneburner (Pri)
Johns Hopkins University Applied Physics L...
--
 
Katherine Escobar (Pri)
Joint Staff JS-J6 Command, Control, Commun...
--
 
Simon Krek (Pri)
Jozef Stefan Institute
--
 
Camilla Boemann (Pri)
KDE e.V.
--
 
Sandra Stuart (Pri)
Kaiser Permanente
--
 
Axel Reichwein (Pri)
Koneksys
--
 
Milos Jakubicek (Pri)
Lexical Computing CZ s.r.o.
--
 
Maarten van der Veen (Pri)
Logius
--
 
Snorri Ogata (Pri)
Los Angeles Superior Court
--
 
Thomas Hardjono (Pri)
M.I.T.
--
 
Shasi Pulijala (Pri)
Marvell Semiconductor, Inc
--
 
Arjun Kalsy (Pri)
Matic Network BVI Limited
--
 
Michael Angelo (Pri)
Micro Focus
--
 
Nikola Malcolm (Pri)
Microsoft
--
 
Xavier Guimard (Pri)
Ministere de L'Interieur-France
--
 
Doraiswamy ('Raj') Rajagopal (Pri)
Mitre Corporation
--
 
Yuichiro Yoshinari (Pri)
Mitsubishi Corporation (Americas)
--
 
Oswald Kuyler (Pri)
MonetaGo Asia Pacific Private Limited
--
 
Olumide Akinwande (Pri)
Montech Studios Inc
--
 
Charles Wilson (Pri)
Motional AD
--
 
Anton Mozgovoy (Pri)
Mover
--
 
Gary Crowe (Pri)
NAPPS
--
 
Takahiro Kakumaru (Pri)
NEC Corporation
--
 
Kevin Mangold (Pri)
NIST
Consent
 
Andrea Hardy (Pri)
NOAA/NWS
--
 
David Elwood (Pri)
National Association for Justice Informati...
--
 
Jim Harris (Pri)
National Center for State Courts
Consent
 
Denise Anderson (Pri)
National Council of ISACs (NCI)
--
 
Mike Boyle (Pri)
National Security Agency
--
 
John McCrae (Pri)
National University of Ireland Galway
--
 
Tim Chevalier (Pri)
NetApp
--
 
Erin O'Reilly (Pri)
NetCracker
--
 
Philip Weir (Pri)
New Zealand Government
--
 
Thinh Nguyenphu (Pri)
Nokia
--
 
Paul Seay (Pri)
Northrop Grumman
--
 
Scott McGrath (Pri)
OASIS
--
 
Andre Fatton (Pri)
Octavo Labs
--
 
Scott Simmons (Pri)
Open Geospatial Consortium, Inc. (OGC)
--
 
Rolf Bienert (Pri)
OpenADR Alliance, Inc.
--
 
Matti Moell (Pri)
OpenSynergy GmbH
--
 
Anish Karmarkar (Pri)
Oracle
Consent
 
Mark Joseph (Pri)
P6R, Inc
--
 
Veronique Parisse (Pri)
ParBer Consulting SARL-S
--
 
Stefanie Hale (Pri)
Peraton
--
 
Greta Villagran (Pri)
Pinary Inc.
--
 
Robert Davis (Pri)
Plutora
--
 
Peter Reynolds (Pri)
Polish Association of Translation Agencies...
--
 
Danilo Ardagna (Pri)
Politecnico di Milano-DEIB
--
 
Matt Hepler (Pri)
Praesidium Partners Inc DBA Arca Funds
--
 
Rob Hanna (Pri)
Precision Content Authoring Solutions Inc.
--
 
Umberto Rosini (Pri)
Presidenza del Consiglio dei Ministri - Di...
--
 
Tomas Gustavsson (Pri)
PrimeKey Solutions AB
--
 
Brad Thomas (Pri)
Prophecy International
--
 
Kyle Thomas (Pri)
Provide Technologies Inc.
--
 
Maria Manuela Cruz (Pri)
Publications Office of the European Union
--
 
John Leiseboer (Pri)
QuintessenceLabs Pty Ltd.
--
 
Matthew Gardiner (Pri)
Rapid7, Inc.
--
 
Sam DeBord (Pri)
Real Estate Standards Organization (RESO)
--
 
Mark Little (Pri)
Red Hat
Consent
 
Gershon Janssen (Pri)
Reideate
--
 
Forrest Hare (Pri)
SAIC
--
 
Ralf Handl (Pri)
SAP SE
--
 
Frank Closset (Pri)
SDL
--
 
David Bizeul (Pri)
SEKOIA
--
 
Phu Nguyen (Pri)
SINTEF
--
 
Leif Johansson (Pri)
SUNET
--
 
Altaz Valani (Pri)
Security Compass
--
 
Scott Hudson (Pri)
ServiceNow
--
 
Marquart FRANZ (Pri)
Siemens AG
Consent
 
John Batts (Pri)
Snyk Ltd
--
 
Fabrice Bellingard (Pri)
Sonar
--
 
Pim van der Eijk (Pri)
Sonnenglanz Consulting
--
 
Joe Levy (Pri)
Sophos Ltd
--
 
Alexandre Cabrol Perales (Pri)
Sopra Steria Group
--
 
Carole Tiberius (Pri)
Stichting Instituut voor de Nederlandse Taal
--
 
Maria Larsson (Pri)
Swedish Association of Local Authorities & Regions
--
 
Martin Torngren (Pri)
Swedish Royal Institute of Technology
--
 
Steve Dischinger (Pri)
Synadia Communications, Inc.
--
 
Tony Cox (Pri)
TC Logic
--
 
Denny Page (Pri)
TIBCO Software Inc.
Consent
 
Sebastiaan Tesink (Pri)
TNO
--
 
Julie Wang (Pri)
TWNCERT
--
 
Sotiris Ioannidis (Pri)
Telecommunication Systems Institute
--
 
Mark Mastrangeli (Pri)
Tenzir
--
 
Florian Effenberger (Pri)
The Document Foundation
--
 
Jens Aabol (Pri)
The Norwegian Agency for Public and Financ...
--
 
Andrew Pendergast (Pri)
ThreatConnect, Inc.
--
 
David Lewis (Pri)
Trinity College Dublin (ADAPT)
--
 
Ori Eisen (Pri)
Trusona, Inc.
--
 
Philip Baughman (Pri)
Tyler Technologies, Inc.
--
 
George Parson (Pri)
US Department of Defense (DoD)
--
 
Philip Mattson (Pri)
US Department of Homeland Security Science...
--
 
Keven Ates (Pri)
US Federal Bureau of Investigation
--
 
Monica Palmirani (Pri)
University of Bologna-CIRSFID
--
 
Reka Markovich (Pri)
University of Luxembourg
--
 
Toby Considine (Pri)
University of North Carolina at Chapel Hill
--
 
Vasileios Mavroeidis (Pri)
University of Oslo
--
 
Gabriele Pierantoni (Pri)
University of Westminster
--
 
Dieter Bong (Pri)
Utimaco IS GmbH
Consent
 
Pavel Azaletskiy (Pri)
V.S. Optima Inc
--
 
Franco De Bonis (Pri)
VISUA
--
 
Eric Betts (Pri)
VMware, Inc.
Consent
 
Helen Beal (Pri)
Value Stream Management Consortium
--
 
Chris Wysopal (Pri)
Veracode
--
 
Ori Bach (Pri)
WhiteSource
--
 
David Riddoch (Pri)
Xilinx, Inc
--
 
Michael Stahl (Pri)
allotropia software GmbH
--
 
Manuel Souto Pico (Pri)
cApStAn SA
--
 
Peter Borresen (Pri)
ebConnect
--
 
Hamish Cameron (Pri)
nCipher
Consent
 
Danilo Beuche (Pri)
pure-systems GmbH
--
 
Duncan Sparrell (Pri)
sFractal Consulting LLC
Consent
 
Simon Johnson (Pri)
u-blox AG
--