lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050510082135.GD28045@Login.CERT.Uni-Stuttgart.DE>
Date: Tue, 10 May 2005 10:21:35 +0200
From: Oliver Goebel <Goebel@...T.Uni-Stuttgart.DE>
To: bugtraq@...urityfocus.com
Subject: CAIF 1.2 released


Dear all,

for your information:

The Common Announcement Interchange Format (CAIF) specification version
1.2 has been released.

A new version of the draft, reflecting all the changes made has been 
released too. 

All relevant documents are available from the CAIF home page.

CAIF Home:     
  http://cert.uni-stuttgart.de/projects/caif/

CAIF Format Spec:
  TXT:
  http://cert.uni-stuttgart.de/projects/caif/draft-goebel-caif-format.txt

  HTML:
  http://cert.uni-stuttgart.de/projects/caif/draft-goebel-caif-format.php

DTD:
  http://cert.uni-stuttgart.de/projects/caif/caif.dtd

Besides some normalization work in the design of the elements some new
general features have been introduced.  

Overview:

The draft describes an XML-based format for security announcements.  It
defines a basic but comprehensive set of elements that is designed to
describe the main aspects of issues related to security.  Besides
addressing more than one issue or problem within a single document the
format allows to provide information for more than one target group of
readers as well as multi-lingual textual descriptions.  It can be used
to selectively produce different renderings of an announcement for the
intended target groups, addressing one, a sub-set, or all problems in
one or multiple languages.  The set of pre-defined elements can be
extended to reflect either temporary, exotic or new requirements on a
per-document basis.  A special markup element allows to include
information for specific constituencies that can be removed before a
document is distributed.  Distriburion can be limited to one or a set of
defined constituencies.  CAIF documents may contain data that allow
the manual or automatic determination of the affectedness of systems by
a specific problem, e.g. OVAL definitions.  References within the CAIF
document can be used to interlink this data with other information thus
allow for the selective production of renderings adressing affected
systems.  


Please see the changelog at 

  http://cert.uni-stuttgart.de/projects/caif/ChangeLog.txt

for a detailed description of the changes made.

If you wish to be kept informed about new documents released, or updates
made to the existing ones, subscribe to the "caif-announce" mailing
list:

     * caif-announce@...ts.CERT.Uni-Stuttgart.DE

       To subscribe, send email to:
       <caif-announce-subscribe@...ts.CERT.Uni-Stuttgart.DE>

	       

Comments are very welcome on the caif-discuss-list:

     * caif-discuss@...ts.CERT.Uni-Stuttgart.DE

       To subscribe, send email to:
       <caif-discuss-subscribe@...ts.CERT.Uni-Stuttgart.DE>


Regards
	Ollie
-- 
Oliver Goebel                        mailto:Goebel@...T.Uni-Stuttgart.DE
RUS-CERT Stuttgart University        Tel:+49 711 121-3678 / -3688 (fax)
Breitscheidstr. 2, 70174 Stuttgart   http://CERT.Uni-Stuttgart.DE/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ