"The Common Security Advisory Framework (#CSAF) is an effective and efficient means by which manufacturers can communicate their recommendations for action on vulnerabilities."
writes the Institute for Occupational Safety and Health (a main department of the German Social Accident Insurance) here:
https://www.dguv.de/ifa/fachinfos/industrial-security/csaf/index-2.jsp
Further:
"New EU regulations place greater responsibility on manufacturers of products with digital elements.
For example, Article 14 (8) of the Cyber Resilience Act (CRA) sets out 'reporting obligations of manufacturers', together with strict deadlines."
Note that https://www.csaf.io/specification/ version 2.1 has been available as "Committee Specification Draft 02" for a few weeks. The technical committee welcomes comments!
IFA - Technical Information - Industrial Security - CSAF
The Common Security Advisory Framework (CSAF) is an effective and efficient means by which manufacturers can communicate their recommendations for action on vulnerabilities. Graphical interfaces for use with CSAF, such as Secvisogram (available free of charge), facilitate input and maintenance of data in compliance with the standard.