BS100: CSAF Writing Boot Camp (For Beginners)

Agenda:

The training considers the new revision 2.1 of the CSAF standard.
If the new version has already been released at the time of the training, we will work hands-on with exercises based on revision 2.1.
If the release is still pending, you will receive an exclusive preview of the planned enhancements and their significance for practical implementation.

Objectives:

In this workshop BS100 CSAF Writing Boot Camp (For Beginners) you will learn how to:

• Understand what CSAF is and the added value the standard provides for your organization and customers
• Independently create and structure a valid CSAF security advisory
• Apply tools and best practices for creating and validating CSAF documents (e.g. Secvisogram, CSAF Validator)
• Prepare vulnerability information in a standardized way to enable automated processing

This workshop BS100 CSAF Writing Boot Camp (For Beginners) serves as a foundational basis for the advanced CSAF workshops The CSAF Writers’ Guild – Advancing Your Experience and CSAF distribution – from scratch to publication.

Target audience:

The workshop BS100 CSAF Writing Boot Camp (For Beginners) is designed for professionals who create or use security information and want to learn CSAF from the ground up, including:

• IT Product security officers in companies
• Staff members of CERTs or IT security departments
• IT professionals working in vulnerability management and security

Prerequisites:

No specific prior knowledge is required for the BS100 CSAF Writing Boot Camp (For Beginners). A basic understanding of IT security and software vulnerabilities is helpful but not mandatory. A willingness to learn new technologies and an interest in security advisories are expected.
Fluent English communication skills, verbal and written, are mandatory.

Description:

The introductory workshop BS100 CSAF Writing Boot Camp (For Beginners) provides the fundamentals of the Common Security Advisory Framework (CSAF) – an open, standardized format for creating and distributing machine-readable security advisories. You will learn what CSAF is, why this standard is important for effective vulnerability management, and how to create your own CSAF-based documents.

The workshop covers the structure of valid CSAF documents and demonstrates the benefits CSAF provides to organizations and their customers.
Through practical demonstrations and hands-on exercises, you will learn how to write valid CSAF advisories yourself and use current tools – such as the online Secvisogram – for creation and validation. CSAF significantly reduces the manual effort required to search for vulnerability information and enables organizations to automatically determine whether they are affected by a vulnerability.

This advantage is leveraged in the workshop: in guided exercises, all participants apply what they have learned in practice to write security advisories in the CSAF format.

Other Info:

The course language and course materials are in English.