[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] CAIF 1.2 released

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] CAIF 1.2 released
From: Oliver Goebel <Goebel@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 10 May 2005 10:16:50 +0200

Dear list,

for your information:

The Common Announcement Interchange Format (CAIF) specification version
1.2 has been released.

A new version of the draft, reflecting all the changes made has been 
released too. 

All relevant documents are available from the CAIF home page.

CAIF Home:     
  http://cert.uni-stuttgart.de/projects/caif/

CAIF Format Spec:
  TXT:
  http://cert.uni-stuttgart.de/projects/caif/draft-goebel-caif-format.txt

  HTML:
  http://cert.uni-stuttgart.de/projects/caif/draft-goebel-caif-format.php

DTD:
  http://cert.uni-stuttgart.de/projects/caif/caif.dtd

Besides some normalization work in the design of the elements some new
general features have been introduced.  

Overview:

The draft describes an XML-based format for security announcements.  It
defines a basic but comprehensive set of elements that is designed to
describe the main aspects of issues related to security.  Besides
addressing more than one issue or problem within a single document the
format allows to provide information for more than one target group of
readers as well as multi-lingual textual descriptions.  It can be used
to selectively produce different renderings of an announcement for the
intended target groups, addressing one, a sub-set, or all problems in
one or multiple languages.  The set of pre-defined elements can be
extended to reflect either temporary, exotic or new requirements on a
per-document basis.  A special markup element allows to include
information for specific constituencies that can be removed before a
document is distributed.  Distriburion can be limited to one or a set of
defined constituencies.  CAIF documents may contain data that allow
the manual or automatic determination of the affectedness of systems by
a specific problem, e.g. OVAL definitions.  References within the CAIF
document can be used to interlink this data with other information thus
allow for the selective production of renderings adressing affected
systems.  


Please see the changelog at 

  http://cert.uni-stuttgart.de/projects/caif/ChangeLog.txt

for a detailed description of the changes made.

If you wish to be kept informed about new documents released, or updates
made to the existing ones, subscribe to the "caif-announce" mailing
list:

     * caif-announce@xxxxxxxxxxxxxxxxxxxxxxxxxxx

       To subscribe, send email to:
       <caif-announce-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

               

Comments are very welcome on the caif-discuss-list:

     * caif-discuss@xxxxxxxxxxxxxxxxxxxxxxxxxxx

       To subscribe, send email to:
       <caif-discuss-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx>



Regards
        Ollie
-- 
Oliver Goebel                        mailto:Goebel@xxxxxxxxxxxxxxxxxxxxx
RUS-CERT Stuttgart University        Tel:+49 711 121-3678 / -3688 (fax)
Breitscheidstr. 2, 70174 Stuttgart   http://CERT.Uni-Stuttgart.DE/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Fwd: GWAVA Sender Notification (Content filter)
Next by Date: Re: [Full-disclosure] coldfusion pentest
Previous by thread: Re: [Full-disclosure] coldfusion pentest
Next by thread: [Full-disclosure] remote root security bug in ethereal 0.9.13 >= and <= 0.10.10
Index(es):
- Date
- Thread