Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

Working Group

Vulnerability Data

The mission of this working group is to identify and understand the problems around vulnerability discovery, reporting, publication, tracking, and classification.
View Current Projects
Global Security Database Working Group Charter
Global Security Database Working Group Charter

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Working Groups
Vulnerability Data

What is the GSD?

GSD, or Global Security Database, is meant to be a fast, cooperative, royalty-free, and public collection of security information. The project uses the open source model to overcome many of the existing shortcomings of security databases such as being difficult to access, update, and restricted use of the security information. GSD is sponsored by the Cloud Security Alliance, a nonprofit organization, in order to have a neutral home for the project. We welcome anyone to request new security identifiers, submit updates to existing security identifiers, contribute ideas to the project, and drive the group to fulfill community needs around vulnerability identifiers.

Working Group Overview
Our working group meets twice a month on Tuesdays at 9am PT. We welcome anyone who would like to join, even if you would like to just listen in on your first call.

See the exact dates on the working group calendar at: https://csaurl.org/gsd-calendar

What do we discuss? 
During our meetings we typically discuss updates to the GSD project, and plan future efforts. This working group meets every other week. 

Drafts & Important Docs

Working Group Leadership

Josh Bressers
Josh Bressers

Josh Bressers

Product Security Technical Lead

Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Everything from managing supply chains, vulnerabilities, security development lifecycle, DevSecOps, security product management, security strategy, and nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podc...

Read more

Kurt Seifried
Kurt Seifried

Kurt Seifried

Chief Innovation Officer, CSA

For over two decades, Kurt has excelled in information security, starting with Windows and Linux, and advancing to cloud computing and AI. With a strong focus on AI security, privacy, and open source, Kurt brings extensive expertise to the Cloud Security Alliance (CSA).

Read more

Publications in ReviewOpen Until
Zero Trust Privacy Assessment and GuidanceDec 27, 2024
Cybersecurity and the Data LifecycleJan 05, 2025
AI Controls MatrixJan 19, 2025
View all
Want to join this working group? Register or sign-into Circle to get started.
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

Dec

31

Tue, December 31, 9:00am - 10:00am PST
Vulnerability Data Working Group
See details
Biweekly CSA Vulnerability Data Working Group Meeting

Useful links:

Links to the draft documents can be found in the #vuln-data-working-group Slack channel bookmarks at the top of the screen.
View Event

Jan

14

Tue, January 14, 9:00am - 10:00am PST
Vulnerability Data Working Group
See details
Biweekly CSA Vulnerability Data Working Group Meeting

Useful links:

Links to the draft documents can be found in the #vuln-data-working-group Slack channel bookmarks at the top of the screen.
View Event

Jan

28

Tue, January 28, 9:00am - 10:00am PST
Vulnerability Data Working Group
See details
Biweekly CSA Vulnerability Data Working Group Meeting

Useful links:

Links to the draft documents can be found in the #vuln-data-working-group Slack channel bookmarks at the top of the screen.
View Event

Feb

11

Tue, February 11, 9:00am - 10:00am PST
Vulnerability Data Working Group
See details
Biweekly CSA Vulnerability Data Working Group Meeting

Useful links:

Links to the draft documents can be found in the #vuln-data-working-group Slack channel bookmarks at the top of the screen.
View Event

Current Projects

View recent publications
Sign-up for this group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Zero Trust Privacy Assessment and Guidance

Open Until: 12/27/2024

The objective of this paper is to provide guidance for using zero trust in privacy implementation. This document highlights...

Participate in peer review

Cybersecurity and the Data Lifecycle

Open Until: 01/05/2025

The data lifecycle refers to the comprehensive process that data undergoes, from its creation to eventual disposal. Underst...

Participate in peer review

AI Controls Matrix

Open Until: 01/19/2025

The CSA AI Controls Matrix is a framework of control objectives to support organizations in their secure and responsible de...

Participate in peer review