Cloud 101CircleEventsBlog
Discover the latest cloud threats, evolving AI risks, and how to stay ahead. Don’t miss CSA’s free Cloud Threats & Vulnerabilities Summitregister now!

Working Group

Vulnerability Data

The mission of this working group is to identify and understand the problems around vulnerability discovery, reporting, publication, tracking, and classification.
View Current Projects
Global Security Database Working Group Charter
Global Security Database Working Group Charter

Download

Vulnerability Data

What is the GSD?

GSD, or Global Security Database, is meant to be a fast, cooperative, royalty-free, and public collection of security information. The project uses the open source model to overcome many of the existing shortcomings of security databases such as being difficult to access, update, and restricted use of the security information. GSD is sponsored by the Cloud Security Alliance, a nonprofit organization, in order to have a neutral home for the project. We welcome anyone to request new security identifiers, submit updates to existing security identifiers, contribute ideas to the project, and drive the group to fulfill community needs around vulnerability identifiers.

Working Group Overview
Our working group meets twice a month on Tuesdays at 9am PT. We welcome anyone who would like to join, even if you would like to just listen in on your first call.

See the exact dates on the working group calendar at: https://csaurl.org/gsd-calendar

What do we discuss? 
During our meetings we typically discuss updates to the GSD project, and plan future efforts. This working group meets every other week. 

Drafts & Important Docs

Working Group Leadership

Josh Bressers
Josh Bressers

Josh Bressers

Product Security Technical Lead

Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Everything from managing supply chains, vulnerabilities, security development lifecycle, DevSecOps, security product management, security strategy, and nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podc...

Read more

Kurt Seifried
Kurt Seifried

Kurt Seifried

Chief Innovation Officer, CSA

For over two decades, Kurt has excelled in information security, starting with Windows and Linux, and advancing to cloud computing and AI. With a strong focus on AI security, privacy, and open source, Kurt brings extensive expertise to the Cloud Security Alliance (CSA).

Read more

Publications in ReviewOpen Until
Dynamic Process Landscape: A Strategic Guide to Successful AI ImplementationApr 18, 2025
Zero Trust Guidance for IoTApr 18, 2025
MLOps OverviewApr 18, 2025
AI Consensus Assessments Initiative Questionnaire (AI-CAIQ)Apr 28, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Dynamic Process Landscape: A Strategic Guide to Successful AI Implementation

Open Until: 04/18/2025

AI adoption in business and manufacturing is failing more often than it succeeds. Why? Because companies are trying to inte...

Zero Trust Guidance for IoT

Open Until: 04/18/2025

Adopting Internet of Things (IoT) technologies introduces security challenges that require an effective strategy for ensuri...

MLOps Overview

Open Until: 04/18/2025

The practice of DevSecOps has evolved significantly since the start of the CSA DevSecOps Working Group in 2019. We have tak...

AI Consensus Assessments Initiative Questionnaire (AI-CAIQ)

Open Until: 04/28/2025

The AI Consensus Assessment Initiative Questionnaire (AI-CAIQ) is an extension of the Cloud Security Allia...