Dive Brief
Microsoft is enhancing its vulnerability disclosure process by adopting the Common Security Advisory Framework (CSAF), enabling organizations to prioritize and remediate CVEs (Common Vulnerabilities and Exposures) more efficiently. This machine-readable format allows for faster, higher-volume processing of CVEs, while customers can still access updates through the Microsoft security update guide or an API based on the Common Vulnerability Reporting Framework (CVRF), which remains the standard for disclosing vulnerability information.
- With CSAF, Microsoft aims to increase transparency in its vulnerability disclosures, building on previous efforts introduced in 2024.
- This change follows a series of enhanced practices aimed at bolstering Microsoft’s security culture, driven by previous security breaches.
The move to CSAF aligns with recommendations from the Cybersecurity and Infrastructure Security Agency (CISA), which is pushing for standardized and accelerated vulnerability disclosures to streamline security management for network defenders.
Article has been taken from cybersecuritydive.com: https://www.cybersecuritydive.com/news/microsoft-disclose-vulnerabilities-CSAF/733063/