CSAF 2.0 - A New Start to Automate Advisories

Описание: Speaker: Thomas Schmidt (CERT Bund, DE)

It is not a novel insight that the number of discovered and treated vulnerabilities is constantly rising. As more vendors are dealing with coordinated vulnerability disclosure (CVD) also the number of security advisories rises. However, these advisories have to be processed by each customer individually to evaluate the cyber risk for their environment. This process is time and resource intensive. The talk presents the Common Security Advisory Framework (CSAF) Version 2.0 that supersedes the XML-based CSAF Common Vulnerability Reporting Framework (CVRF) 1.2. CSAF 2.0 is a JSON-based format for security advisories that will aid in automation of the process on both ends – advisory issuers as well as asset owners. CSAF 2.0 was developed in an international joined effort as open standard under the umbrella of the OASIS Open Foundation.

Why should you care? Most vendor have suppliers and need to look into supply chain issues. CSAF 2.0 provides a benefit through automation.

About the Speaker
Thomas Schmidt works in the ‘Industrial Automation and Control Systems' section of the German Federal Office for Information Security (BSI). He was BSI’s analyst for TRITION/TRISIS/HatMan and developed, together with partners, a rule set for Recognizing Anomalies in Protocols of Safety Networks: Schneider Electric‘s TriStation (RAPSN SETS). His focus is the automation of advisories at both sides: vendors/CERTs and asset owners.

To increase security of ICS, BSI responsibilities cover many areas including establishing trust and good relations with vendors and asset owners. BSI also conducts committee and standardization work (ISA99 and IEC 62443) and works with academia to improve education in ICS cyber security.

Mr. Schmidt completed his masters in IT-Security at Ruhr-University Bochum (Germany) which included a period of research at the SCADA Security Laboratory of Queensland University of Technology (Brisbane, Australia).