Patch and Update Management Made Easy - Through Automation with CSAF
It is not a novel insight that the number of discovered vulnerabilities is constantly rising. As more vendors engage in coordinated vulnerability disclosure, the number of security advisories rises as well. However, each customer has to process these advisories individually to evaluate the cyber risk for their environment or products. This process is time- and resource-intensive. Moreover, SBOMs provide greater insight into the supply chain, which will further add to the number of released advisories. The manual process used today doesn't scale. Therefore, the international community developed, in a joint effort, the Common Security Advisory Framework (CSAF) Version 2.0 as an open standard. CSAF 2.0 is a JSON-based format for security advisories that will aid in automating the process on both ends - for advisory issuers as well as for consumers of advisories. It also specifies how to distribute and discover new security advisories.
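To illustrate the consumer-side automation described above, the following added example (not code from the talk or from the CSAF project) matches a CSAF 2.0 advisory against a local asset inventory and reports each asset's product status and applicable remediation. Field names follow the CSAF 2.0 specification; the advisory, CPE strings, asset names and the choice to match by CPE are constructed assumptions.

```python
import json

# Constructed advisory, trimmed to the fields used below (not a complete CSAF document).
ADVISORY = json.loads("""
{"document": {"category": "csaf_security_advisory", "csaf_version": "2.0", "tracking": {"id": "EXAMPLE-0001"}},
 "product_tree": {"branches": [{"category": "vendor", "name": "Example Corp", "branches": [
   {"category": "product_version", "name": "1.0", "product": {
     "product_id": "CSAFPID-0001", "name": "Example Corp Gateway 1.0",
     "product_identification_helper": {"cpe": "cpe:2.3:a:example_corp:gateway:1.0:*:*:*:*:*:*:*"}}},
   {"category": "product_version", "name": "1.1", "product": {
     "product_id": "CSAFPID-0002", "name": "Example Corp Gateway 1.1",
     "product_identification_helper": {"cpe": "cpe:2.3:a:example_corp:gateway:1.1:*:*:*:*:*:*:*"}}}]}]},
 "vulnerabilities": [{"cve": "CVE-0000-00000",
   "product_status": {"known_affected": ["CSAFPID-0001"], "fixed": ["CSAFPID-0002"]},
   "remediations": [{"category": "vendor_fix", "details": "Update to version 1.1.", "product_ids": ["CSAFPID-0001"]}]}]}
""")

INVENTORY = {  # constructed (assumption): asset name -> CPE of the installed product
    "gw-prod-01": "cpe:2.3:a:example_corp:gateway:1.0:*:*:*:*:*:*:*",
    "gw-test-01": "cpe:2.3:a:example_corp:gateway:1.1:*:*:*:*:*:*:*",
    "db-01": "cpe:2.3:a:example_corp:database:3.2:*:*:*:*:*:*:*",
}

def products_by_cpe(node, found=None):
    """Walk the product_tree recursively; map CPE -> document-local product_id."""
    found = {} if found is None else found
    for product in [node.get("product")] + node.get("full_product_names", []):
        cpe = (product or {}).get("product_identification_helper", {}).get("cpe")
        if cpe:
            found[cpe] = product["product_id"]
    for branch in node.get("branches", []):
        products_by_cpe(branch, found)
    return found

def triage(advisory, inventory):
    """Return (asset, cve, status, remediation details) for every inventory match."""
    if advisory["document"].get("csaf_version") != "2.0":
        raise ValueError("not a CSAF 2.0 document")
    cpe_to_pid = products_by_cpe(advisory.get("product_tree", {}))
    results = []
    for vuln in advisory.get("vulnerabilities", []):
        for asset, cpe in sorted(inventory.items()):
            pid = cpe_to_pid.get(cpe)  # None when the advisory does not list this product
            for status, pids in vuln.get("product_status", {}).items():
                if pid in pids:
                    fixes = [r["details"] for r in vuln.get("remediations", [])
                             if pid in r.get("product_ids", [])]
                    results.append((asset, vuln.get("cve"), status, fixes))
    return results
```

Calling `triage(ADVISORY, INVENTORY)` reports `gw-prod-01` as `known_affected` with the vendor fix attached and `gw-test-01` as `fixed`; `db-01` is absent because the advisory does not list its product.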