| description: |
The workshop provides practical training on distributing and automatically retrieving CSAF security information. Participants learn the roles and components of CSAF distribution (Publisher, Provider, Aggregator) and implement an end-to-end environment – from creating a CSAF file to publishing it on a server and automating retrieval. This builds a solid understanding of the CSAF ecosystem and its technical requirements.
|
|
| target group: |
The workshop BS120 CSAF Distribution – From Scratch To Publication is aimed at experienced CSAF users and technical specialists responsible for publishing or aggregating security advisories:
- IT security engineers and system administrators who want to provide CSAF advisories internally or publicly
- Developers and DevOps engineers who implement automated processes for distributing security information
- Members of CERT teams or security departments who consolidate various advisory sources (aggregators)
- Product security managers driving CSAF integration into existing vulnerability management systems
|
|
| requirements: |
To participate in the workshop BS120 CSAF Distribution – From Scratch To Publication, you should have:
- Knowledge of the CSAF standard (e.g. participation in the courses BS100 CSAF Writing Boot Camp (For Beginners) and BS110 The CSAF Writers' Guild – Advancing Your Experience)
- Basic programming skills in Python (important for practical exercises and script development)
- Proficiency in using command-line tools and basic experience in operating web services
- Very good command of English, as the workshop is conducted in English
|
|
| objectives: |
In the workshop BS120 CSAF Distribution – From Scratch To Publication, you will learn how to:
- Set up end-to-end distribution of CSAF documents – from the publisher side to the consumer side
- Understand and implement the roles CSAF Publisher, CSAF Provider, and CSAF Aggregator in theory and practice
- Deploy your own CSAF provider (CSAF server) that hosts security advisories (including directory structure and metadata such as provider-metadata.json)
- Operate a CSAF aggregator that automatically retrieves and consolidates advisories from multiple providers
- Use available open-source tools for CSAF distribution
- Apply best practices for the secure and reliable operation of a CSAF distribution infrastructure
|
|
| price and duration: |
duration: 1 day
price: price upon request
You can find the print view here.
|
|
| dates: |
This workshop will be conducted on the following dates:
| location | | course format | start | end | seats | |
|---|
| Nuremberg | | onsite classroom | 12.11.2025 | 09:00AM | 12.11.2025 | 05:30PM | | enrol |
|
|
|
| agenda: |
The training considers the new revision 2.1 of the CSAF standard.
If the new version has already been released at the time of the training, we will work hands-on with exercises based on revision 2.1.
If the release is still pending, you will receive an exclusive preview of the planned enhancements and their significance for practical implementation.
|
|
| Further information: |
The course language and course materials are in English.
|
|
|
