CSAF Logo

Community Days and Workshops 2025

Common Security Advisory Framework (CSAF)

The standard for structured Security Advisories

Vulnerabilities in hardware and software are a constant reality. Once systems reach a certain level of complexity, errors can no longer be avoided – and many of these errors can become security vulnerabilities that attackers exploit. Such security vulnerabilities are like open wounds in a company's digital infrastructure: they must be identified, understood, and addressed or at least treated as quickly as possible to prevent greater damage.

A central solution to this challenge is CSAF (Common Security Advisory Framework) – an open, standardized format for publishing and automatically exchanging machine-readable security advisories and vulnerability information. Developed as an open-source initiative, CSAF significantly simplifies and accelerates communication about security vulnerabilities and corresponding countermeasures.

By using CSAF, the manual effort in searching and evaluating security information can be significantly reduced. The framework enables manufacturers, system operators, administrators, and users to automatically collect and analyze information on known vulnerabilities - and determine if their products are affected. Even the confirmation of not being affected can be efficiently communicated through the Vulnerability Exploitability eXchange (VEX) profile within CSAF.

In an increasingly interconnected and complex digital world, the number of security-related vulnerabilities will continue to increase. Therefore, a modern vulnerability management based on CSAF documents will be indispensable in the future.

OASIS OPEN Logo

Join OASIS Open and qSkills™ for an intensive CSAF Week combining technical training with community exchange, designed to accelerate your organization's journey toward automated vulnerability management. Master the standard in three days of practical CSAF Workshops (Monday–Wednesday). Then join industry leaders at the CSAF Community Days (Thursday–Friday) to share insights, discover implementations, discuss the future of automated vulnerability management and connect with the global CSAF community.

CSAF Community Days | 13.-14.11.2025

Get informed and register now!

On 13th and 14th November 2025, the CSAF Community Days will take place at the Südwestpark – Forum in Nuremberg. This onsite event is aimed at developers, practitioners, manufacturers, users, and anyone involved with the Common Security Advisory Framework (CSAF). Discussions will focus on best practices, tools, success stories, and innovations related to CSAF.

Location:
Südwestpark – Forum
Südwestpark 37–41
90449 Nuremberg
Germany

Go to location
Südwestpark Standortkarte Forum

Program CSAF Community Day 1

November 13, 2025

08:00 - 08:45 CET

Welcome & Opening Remarks

08:20 - 08:40 CET

Keynote

08:45 - 09:30 CET

One Year of CSAF - Lessons, Statistics, and Impact

Jacco Lighart (NCSC-NL)

09:35 - 10:05 CET

Networking Break with Morning Tea

10:10 - 10:30 CET

An easy Way to become a CSAF Provider with Github Actions

Bernhard Reiter (Intevation GmbH)

10:35 - 11:05 CET

Lessons Learned from Automating the CSAF Publication Flow

Jan Thielscher (EACG)

11:10 - 11:40 CET

Challenge your Checker with Contravider: Better Testing for CSAF Distribution Tools

Sascha L. Teichmann (Intevation GmbH)

11:45 - 13:15 CET

Lunch

13:20 - 13:50 CET

BOMnipotent - Server and Client for SBOMs and CSAF Docs

Simon Heidrich (Weichwerke Heidrich Software)

13:55 - 14:25 CET

Implementing a CSAF SBOM Matching System - Standard vs. Reality

Christian Banse (AISEC)

14:30 - 15:00 CET

Bringing together SBOMs and Advisories, with GUAC Trustify

Jens Reimann (Red Hat)

15:05 - 15:35 CET

Networking Break with Afternoon Tea

15:40 - 16:25 CET

CSAF Extension - The best worst idea?

Thomas Schmidt (BSI™)

16:30 - 17:40 CET

Lightning Talks

17:45 - 17:55 CET

Day 1 Wrap Up

19:00 CET

Social Dinner

Program CSAF Community Day 2

November 14, 2025

08:00 - 08:10 CET

Welcome and Day 1 Recap

08:15 - 09:00 CET

Security Advisories - Facts, Fashions, and Fiction

Stefan Hagen (CSAF TC)

09:05 - 09:35 CET

SBringing Trusted Vulnerability Reporting to Every Organization with DevGuard

Patrick Rissmann (l3montree)

09:40 - 10:10 CET

Networking Break with Morning Tea

10:15 - 10:35 CET

An Architecture for Matching CSAF Documents on Industrial Asset Inventories

10:40 - 11:10 CET

Behind the Curtains of the Common Security Advisory Framework: A Critical OT Perspective

Christian Schroeder and Alex Steg (Siemens)

11:15 - 11:45 CET

CSAF & AI

Sonny van Lingen (Huawei)

11:50 - 13:20 CET

Lunch

13:25 - 13:55 CET

CSAF for Cloud Native? Challenges and a Proposal

Christoph Plutte (Ericsson)

14:00 - 14:45 CET

Visions for CSAF - Challenges and Perspectives (Panel)

14:50 - 15:20 CET

Networking Break with Afternoon Tea

15:25 - 15:45 CET

CSAF beyond Security

Florian Gilcher (Ferrous System)

15:50 - 16:00 CET

Closing Remarks

Omar Santos (CSAF TC (Chair))

Smiling woman participating in a professional workshop with colleagues in a modern office setting, conveying engagement and teamwork.

What's Included

in your CSAF Community Days Experience

Your registration grants you full access to an exceptional two-day program designed to maximize learning, networking, and collaboration:

  • Comprehensive Conference Program - Engage with cutting-edge presentations, panel discussions, and technical sessions led by CSAF practitioners, implementers, and industry experts. Stay tuned – detailed conference program will be published shortly.

  • Full Catering Throughout Both Days - Stay energized with complimentary coffee, tea, and refreshments during breaks, plus delicious lunch served each day to fuel your networking and learning.

  • Exclusive Evening Reception & Dinner - Join fellow attendees at the Südwestpark Hotel for an evening of networking and exchange. Enjoy a welcoming reception, dinner buffet, and beverages in a relaxed atmosphere - the perfect opportunity to connect with the CSAF community and forge lasting professional relationships.

Ticket classes

CSAF Community Days

Early Bird
Onsite Ticket

(valid until October 31, 2025)

299,00 €

plus VAT

Register now

Regular
Onsite Ticket

(valid from November 1st, 2025)

349,00 €

plus VAT

Register from 11/01/2025

CSAF Community Days Sponsors

Champion Sponsor

Innovator Sponsor

Community Sponsors

Ferrous Systems GmbH
MURR ELEKTRONIK
Intevation
PILZ
HIMA
Trust Source

CSAF Workshops | 10.-12.11.2025

Get informed and register now!

From 10 to 12 November 2025, OASIS is hosting practical workshops on the Common Security Advisory Framework (CSAF) in Nuremberg.

These workshops provide a unique opportunity to delve deeply into the creation, management, and dissemination of security information.

Location:
qSkills™ GmbH & Co. KG
Südwestpark 65
90449 Nuremberg
Germany

Go to location
BS100: CSAF Writing Boot Camp (For Beginners)
CSAF Fundamentals Training, Creating Security Advisories; CSAF 2.0, Vulnerability Management, Secvisogram, CSAF Validator; PSIRT, CERT, Security Analysts; IT Security

1 Day

1:  2025-11-10 -  2025-11-10 (en)

With instructor

BS110: The CSAF Writers’ Guild – Advancing Your Experience
Deepen CSAF Knowledge in Special Use Cases; Complex Security Advisories, VEX Profile, Tools like Secvisogram; PSIRT Teams, Security Engineers; CSAF Experience Required

1 Day

1:  2025-11-11 -  2025-11-11 (en)

With instructor

BS120: CSAF Distribution – From Scratch To Publication
CSAF Distribution and Automated Retrieval Learning; Publisher, Provider, Aggregator, End-to-End Environment, Repository; IT Security Engineers, DevOps; CSAF Knowledge, Python

1 Day

1:  2025-11-12 -  2025-11-12 (en)

With instructor