Cloud 101CircleEventsBlog
CSA's Continuous Audit Metrics Working Group is expanding! Help shape the future of cloud assurance.

Working Group

Vulnerability Data

The mission of this working group is to identify and understand the problems around vulnerability discovery, reporting, publication, tracking, and classification.
View Current Projects
Global Security Database Working Group Charter
Global Security Database Working Group Charter

Download

Vulnerability Data

What is the GSD?

GSD, or Global Security Database, is meant to be a fast, cooperative, royalty-free, and public collection of security information. The project uses the open source model to overcome many of the existing shortcomings of security databases such as being difficult to access, update, and restricted use of the security information. GSD is sponsored by the Cloud Security Alliance, a nonprofit organization, in order to have a neutral home for the project. We welcome anyone to request new security identifiers, submit updates to existing security identifiers, contribute ideas to the project, and drive the group to fulfill community needs around vulnerability identifiers.

Working Group Overview
Our working group meets twice a month on Tuesdays at 9am PT. We welcome anyone who would like to join, even if you would like to just listen in on your first call.

See the exact dates on the working group calendar at: https://csaurl.org/gsd-calendar

What do we discuss? 
During our meetings we typically discuss updates to the GSD project, and plan future efforts. This working group meets every other week. 

Drafts & Important Docs

Working Group Leadership

Josh Bressers
Josh Bressers

Josh Bressers

Product Security Technical Lead

Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Everything from managing supply chains, vulnerabilities, security development lifecycle, DevSecOps, security product management, security strategy, and nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podc...

Read more

Kurt Seifried
Kurt Seifried

Kurt Seifried

Chief Blockchain Officer & Director of Special Projects, CSA

For over 2 decades Kurt has been involved in the information security field, starting with Windows and Linux and continuing on to cloud and now Blockchain. With a strong focus on security and privacy Kurt brings a wealth of knowledge and experience to the CSA.

Read more

Publications in ReviewOpen Until
Risk, Audit and Compliance - Security Guidance for Critical Areas of Focus in Cloud Computing v5Mar 05, 2024
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Risk, Audit and Compliance - Security Guidance for Critical Areas of Focus in Cloud Computing v5

Open Until: 03/05/2024

This chapter is dedicated to the core aspects of cloud security, with a particular emphasis on the implications surrounding...