CSAF-Provider Hosting

CERT@VDE has been publishing CSAF advisories since the 1st quarter of 2024 and, in addition to operating CSAF Trusted Providers for partners, is planning a hosted CSAF Provider Service for interested organizations.

Why CSAF?

The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories. It plays a crucial role in the cybersecurity arena since it allows stakeholders to automate the creation and consumption of security vulnerability information and remediation.CERT@VDE has also advanced and implemented CSAF development as part of the BMBF-funded ZENSIM project (https://zensim-project.de/).

CSAF documents

A collection of tools have been developed to support the CSAF standard. One of these tools, the csaf_provider, implements the role 'CSAF Trusted Provider' and offers the technical basis to fulfill the requirements when distributing CSAF documents.

CSAF-Provider Service

This paid service will offer a dedicated csaf_provider instance for your company and include:

  • setup & operating of your csaf_provider
  • handling of SSL, and optionally handling PGP- and Client-Certificates needed for a secure operation with the csaf_uploader

Conditions

To use this service, you must fulfill the following requirements:

  1. Have a security.txt on your website that refers to your provider hosted by us .
  2. Generate valid CSAF documents and publish them with the csaf_uploader.

Interessiert? Schreiben sie uns an info@certvde.com.