<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image:src" content="">
<meta property="og:image" content="">
<meta name="twitter:title" content="CSAF Webinar December 2022">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1">
<link rel="shortcut icon" href="assets/images/screen-shot-2022-11-28-at-10.16.00-pm-279x97.png" type="image/x-icon">
<meta name="description" content="Using CSAF to Respond to Supply Chain Vulnerabilities at Large Scale The Common Security Advisory Framework (CSAF) is a standard to communicate supply chain and everyday vulnerabilities in an automated fashion. It therefore leverages the potential of SBOM and implements VEX. CSAF allows for the disclosure of security-related vulnerabilities in software, hardware, and specifications in a machine-readable format. It supports automation of the production, distribution, and consumption of security advisories—reducing the time between when vulnerabilities are disclosed and when businesses remediate them. That’s why the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently listed the widespread adoption of CSAF as one of “three critical steps to advance the vulnerability management ecosystem.”
In this webinar, members of the OASIS Open Technical Committee that developed CSAF will review the standard and explain its potential impact on vulnerability management. They will also demonstrate how CSAF documents work with Software Bills of Materials (SBOMs) and implement the Vulnerability Exploitability eXchange (VEX) to improve global cybersecurity.">
<title>CSAF Webinar December 2022</title>
<link rel="stylesheet" href="assets/web/assets/mobirise-icons/mobirise-icons.css">
<link rel="stylesheet" href="assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap-grid.min.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap-reboot.min.css">
<link rel="stylesheet" href="assets/dropdown/css/style.css">
<link rel="stylesheet" href="assets/socicon/css/styles.css">
<link rel="stylesheet" href="assets/theme/css/style.css">
<link rel="preload" href="https://fonts.googleapis.com/css?family=Darker+Grotesque:300,400,500,600,700,800,900&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Darker+Grotesque:300,400,500,600,700,800,900&display=swap"></noscript>
<link rel="preload" as="style" href="assets/mobirise/css/mbr-additional.css"><link rel="stylesheet" href="assets/mobirise/css/mbr-additional.css" type="text/css">
</head>
<body>
<section data-bs-version="5.1" class="menu menu1 cid-sRAtISOGzm" once="menu" id="menu1-n">
<nav class="navbar navbar-dropdown navbar-expand-lg">
<div class="container-custom container-fluid">
<div class="navbar-brand">
<span class="navbar-logo">
<a href="index.html">
<img src="assets/images/screen-shot-2022-11-28-at-10.16.00-pm-279x97.png" alt="CSAF" style="height: 5.3rem;">
</a>
</span>
</div>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-bs-toggle="collapse" data-target="#navbarSupportedContent" data-bs-target="#navbarSupportedContent" aria-controls="navbarNavAltMarkup" aria-expanded="false" aria-label="Toggle navigation">
<div class="hamburger">
<span></span>
<span></span>
<span></span>
<span></span>
</div>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<div class="navbar-nav-container">
<ul class="navbar-nav nav-dropdown nav-right" data-app-modern-menu="true"><li class="nav-item"><a class="nav-link link text-primary display-7" href="https://docs.oasis-open.org/csaf/csaf/v2.0/errata01/os/schemas/" target="_blank"><span class="fa fa-file-code-o mbr-iconfont mbr-iconfont-btn"></span>
Schemas</a></li>
<li class="nav-item"><a class="nav-link link text-primary display-7" href="specification.html" target="_blank"><span class="icon54-v1-document-file mbr-iconfont mbr-iconfont-btn"></span>
Specification</a></li>
<li class="nav-item"><a class="nav-link link text-primary display-7" href="https://github.com/oasis-tcs/csaf" target="_blank"><span class="mbri-github mbr-iconfont mbr-iconfont-btn"></span>
GitHub</a> </li>
<li class="nav-item"><a class="nav-link link text-primary display-7" href="faq.html"><span class="mbrib-question mbr-iconfont mbr-iconfont-btn"></span>FAQ</a>
</li></ul>
</div>
</div>
</div>
</nav>
</section>
<section class="features2 cid-toHjvHRHpO" id="features2-q">
<div class="container-fluid">
<div class="row justify-content-center">
<div class="col-12 col-md col-text">
<div class="text-wrapper">
<h1 class="mbr-section-title mbr-fonts-style display-2">
Webinar: Using CSAF to Respond to Supply Chain Vulnerabilities at Large Scale </h1>
<p class="mbr-text mbr-fonts-style mb-0 display-7"><a href="https://www.youtube.com/watch?v=z6Psfopy55E" class="text-primary" target="_blank">WEBINAR RECORDING</a><br><br>The Common Security Advisory Framework (CSAF) is a standard to communicate supply chain and everyday vulnerabilities in an automated fashion. It therefore leverages the potential of SBOM and implements VEX. CSAF allows for the disclosure of security-related vulnerabilities in software, hardware, and specifications in a machine-readable format. It supports automation of the production, distribution, and consumption of security advisories—reducing the time between when vulnerabilities are disclosed and when businesses remediate them. That’s why the U.S. Cybersecurity and Infrastructure Security Agency (CISA) <a href="https://www.cisa.gov/blog/2022/11/10/transforming-vulnerability-management-landscape" class="text-primary" target="_blank">recently listed the widespread adoption of CSAF as one of “three critical steps to advance the vulnerability management ecosystem.”</a><br><br>In this webinar, members of the OASIS Open Technical Committee that developed CSAF will review the standard and explain its potential impact on vulnerability management. They will also demonstrate how CSAF documents work with Software Bills of Materials (SBOMs) and implement the Vulnerability Exploitability eXchange (VEX) to improve global cybersecurity.<br><br></p>
<div class="btn-container">
<div class="mbr-section-btn"><a class="btn btn-info display-7" href="https://oasis-open.github.io/csaf-documentation/presentations/CSAF_WEBINAR_DEC_2022.pdf" target="_blank">Download the slides!</a> <a class="btn btn-info display-7" href="https://www.youtube.com/watch?v=z6Psfopy55E" target="_blank">RECORDED VIDEO</a></div>
</div>
</div>
</div>
<div class="col-12 col-md-4 image-wrapper">
<a href="#" target="_blank"><img src="assets/images/csaf-vex-471x181.png" alt="CSAF VEX Webinar"></a>
</div>
</div>
</div>
</section>
<section class="features1 cid-toHkEVledf" id="features1-r">
<div class="container-fluid">
<div class="row justify-content-center">
<div class="col-12 col-md col-text">
<div class="text-wrapper">
<h1 class="mbr-section-title mbr-fonts-style display-2">
Speakers </h1>
<p class="mbr-text mbr-fonts-style mb-0 display-7"><strong>Thomas Schmidt</strong><br>Subject Matter Expert @German Federal Office for Information Security (BSI)<br>Thomas Schmidt works in the Industrial Automation and Control Systems section of the German Federal Office for Information Security (BSI). His focus is the automation of advisories on both sides: vendors/CERTs and asset owners. Schmidt has been a leader in the OASIS Open CSAF technical committee and key in bridging this work with the CISA SBOM work. To increase the security of ICS and the broader ecosystem, BSI responsibilities cover many areas including establishing trust and good relations with vendors and asset owners. Schmidt completed his master's in IT-Security at Ruhr-University Bochum (Germany), which included a period of research at the SCADA Security Laboratory of Queensland University of Technology (Brisbane, Australia).<br><br><br><strong>Omar Santos</strong><br>Chair, CSAF Technical Committee and Product Security Incident Response Team (PSIRT) - Security Research &amp; Operations @Cisco Systems<br>Omar Santos is an active member of the security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of over 20 books and video courses, numerous white papers, articles, and security configuration guidelines and best practices. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities.
Omar has been quoted by numerous media outlets, such as TheRegister, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune Magazine, Ars Technica, and more.<br><br><br><strong>Diane Morris</strong><br>Content Manager for Product Security Incident Response Team @Cisco Systems<br>Diane Morris is a content manager for Cisco’s Product Security Incident Response Team. Her team’s responsibilities include editing and publishing Cisco’s security advisories. Before joining Cisco, Diane worked for multiple non-profit organizations, writing and editing reports on topics like state budget policy, disability rights, and workers’ rights. Her first career out of college was in broadcast journalism, and she worked as a news producer at television stations in Kansas City, Houston, and Raleigh.<br><br><br><strong>Justin Murphy</strong><br>Vulnerability Disclosure Analyst @Cybersecurity and Infrastructure Security Agency (CISA)<br>Justin Murphy is a Vulnerability Disclosure Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s), ranging from industrial control systems (ICS), medical devices, and Internet of Things (IoT) to traditional information technology (IT) vulnerabilities. He also assists Dr. Allan Friedman in coordinating the global, multi-stakeholder, community-led efforts around software bill of materials (SBOM) and other Technology Assurance related projects at CISA. Justin is a former high school mathematics teacher turned cybersecurity professional and has an M.Sc. in Computer Science from Tennessee Technological University and a B.Sc. degree in Statistics from the University of Tennessee (Knoxville).</p>
<div class="btn-container">
</div>
</div>
</div>
<div class="col-12 col-md-6 image-wrapper">
<img src="assets/images/mbr-600x184.jpg" alt="CSAF Webinar">
</div>
</div>
</div>
</section>
<section data-bs-version="5.1" class="footer2 cid-sRAtK8mSnJ" once="footers" id="footer2-o">
<div class="container">
<div class="media-container-row align-center mbr-white">
<div class="col-12">
<p class="mbr-text mb-0 mbr-fonts-style display-7">
© Copyright 2023 OASIS CSAF TC - All Rights Reserved
</p>
</div>
</div>
</div>
</section>
<script src="assets/bootstrap/js/bootstrap.bundle.min.js"></script>
<script src="assets/smoothscroll/smooth-scroll.js"></script>
<script src="assets/ytplayer/index.js"></script>
<script src="assets/dropdown/js/navbar-dropdown.js"></script>
<script src="assets/theme/js/script.js"></script>
</body>
</html>