Date: Tue, 10 May 2005 10:21:35 +0200
From: Oliver Goebel <Goebel@CERT.Uni-Stuttgart.DE.>
To: [email protected]Subject: CAIF 1.2 released
Message-ID: <20050510082135.GD28045@Login.CERT.Uni-Stuttgart.DE.>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: RUS-CERT, Stuttgart University
User-Agent: Mutt/1.5.6i
X-Virus-Scanned: antivirus-gw at tyumen.ru
Dear all,
for your information:
The Common Announcement Interchange Format (CAIF) specification version
1.2 has been released.
A new version of the draft, reflecting all the changes made has been
released too.
All relevant documents are available from the CAIF home page.
CAIF Home:
http://cert.uni-stuttgart.de/projects/caif/
CAIF Format Spec:
TXT:
http://cert.uni-stuttgart.de/projects/caif/draft-goebel-caif-format.txt
HTML:
http://cert.uni-stuttgart.de/projects/caif/draft-goebel-caif-format.php
DTD:
http://cert.uni-stuttgart.de/projects/caif/caif.dtd
Besides some normalization work in the design of the elements some new
general features have been introduced.
Overview:
The draft describes an XML-based format for security announcements. It
defines a basic but comprehensive set of elements that is designed to
describe the main aspects of issues related to security. Besides
addressing more than one issue or problem within a single document the
format allows to provide information for more than one target group of
readers as well as multi-lingual textual descriptions. It can be used
to selectively produce different renderings of an announcement for the
intended target groups, addressing one, a sub-set, or all problems in
one or multiple languages. The set of pre-defined elements can be
extended to reflect either temporary, exotic or new requirements on a
per-document basis. A special markup element allows to include
information for specific constituencies that can be removed before a
document is distributed. Distriburion can be limited to one or a set of
defined constituencies. CAIF documents may contain data that allow
the manual or automatic determination of the affectedness of systems by
a specific problem, e.g. OVAL definitions. References within the CAIF
document can be used to interlink this data with other information thus
allow for the selective production of renderings adressing affected
systems.
Please see the changelog at
http://cert.uni-stuttgart.de/projects/caif/ChangeLog.txt
for a detailed description of the changes made.
If you wish to be kept informed about new documents released, or updates
made to the existing ones, subscribe to the "caif-announce" mailing
list:
* [email protected]
To subscribe, send email to:
<caif-announce-subscribe@Lists.CERT.Uni-Stuttgart.DE.>
Comments are very welcome on the caif-discuss-list:
* [email protected]
To subscribe, send email to:
<caif-discuss-subscribe@Lists.CERT.Uni-Stuttgart.DE.>
Regards
Ollie
--
Oliver Goebel mailto:Goebel@CERT.Uni-Stuttgart.DE.
RUS-CERT Stuttgart University Tel:+49 711 121-3678 / -3688 (fax)
Breitscheidstr. 2, 70174 Stuttgart http://CERT.Uni-Stuttgart.DE/