COSV Schema 1.0 officially released; Prism Qicai participated in its formulation

Recently, the CCF version of the open source vulnerability information description specification, COSV Schema 1.0, was formally finalized and released to the public. Prism Qicai participated in its formulation.

Figure: Contributing organizations and experts in the COSV Schema 1.0 formulation process

As a pioneer in the field of open source software governance and software supply chain security, Prism Qicai has been committed to improving the efficiency of open source and preventing open source vulnerabilities. At the same time, it has been actively fulfilling its responsibilities and expanding its contributions in the open source ecosystem. Participating in the formulation of COSV Schema 1.0 is another important step in Prism Qicai's work on open source security vulnerabilities and vulnerability governance.

The Open Source Supply Chain Security Working Group of the CCF Open Source Development Committee (CCF ODC for short), responding to the common demands of multiple sectors of the industry, organized industry peers to jointly discuss, refine, and formulate the CCF version of the open source vulnerability information description specification, CCF Open Source Vulnerability (COSV) Schema 1.0.0. The specification focuses on further enhancing the accuracy, standardization, and comprehensiveness of vulnerability descriptions. It aims to provide a standardized data structure for upper-level vulnerability management platforms so that vulnerability information can be transferred seamlessly across systems, thereby helping to improve overall operational efficiency for enterprises in the security industry. This is of great significance.

As an important member participating in the formulation of COSV Schema 1.0, Prism Qicai drew on its professional knowledge and experience in open source governance and the software supply chain, and relied on a large-scale open source knowledge base and vulnerability databases from multiple channels, to provide important opinions and suggestions for COSV Schema 1.0 on open source compliance, vulnerability detection and repair, and related areas. These were recognized and adopted by the working group and contributed to the release of the specification.

Prism Qicai will focus on open source governance and software supply chain security, continuously enrich its own capabilities and value, provide more constructive opinions for the industry, make greater contributions to enhancing the security and standardization of open source software, and help safeguard enterprise security.

 
