Microsoft says it is adding a new standard machine-readable format to all Microsoft CVE (common vulnerabilities and exposures) information in an effort to help organizations accelerate CVE response and mediation.
The new format is called Common Security Advisory Framework (CSAF), and Microsoft said in a blog post that these files are meant to be consumed by computers. These will be released in addition to the company’s existing CVE channels (not as a replacement).
The company announced the change in a blog post from its Microsoft Security Response Center – an initiative launched following the July Crowdstrike IT outage.
“This is the beginning of a journey to continue to increase transparency around our supply chain and the vulnerabilities that we address and resolve in our entire supply chain, including Open Source Software embedded in our products,” Microsoft said in the post. “We are working side by side with other companies in our industry because in many ways, we build products together, and it will take all of us together to meet the needs of our interconnected world.”
Got news or tips to share with us? Please send them to [email protected].
Today’s MSSP Update
1. MDR provider names new CRO - Managed detection and response provider Red Canary has appointed Todd Chronert as chief revenue officer (CRO) where he will oversee sales, business development, and partnerships, reporting directly to President Katie Bullard. He brings nearly 20 years of domestic and international cybersecurity leadership experience and a track record of driving growth at scale. Todd will succeed Dennis Hon, who is retiring after nearly three years at Red Canary.
2. Misalignment between risk and resources - Risk, compliance, and infosec company AuditBoard’s most recent report reveals misalignment between top risks businesses face and the level of resources internal auditors can put towards those vulnerabilities. Cybersecurity retains its place as the top-ranked risk and top area of audit effort; 82% of internal auditors rate this risk as “very high” or “higher than average” for their organizations in 2025.
3. Security partnership - Rubrik is rolling out support for Red Hat OpenShift Virtualization on Rubrik Security Cloud. This offering is designed to help businesses more easily migrate and protect VMs and apps, simplify cyber resilience, provide faster data recovery, and enhance IT infrastructure reliability.
4. Mac, Azure security update - Apple security company Jamf is offering new updates around Microsoft Azure. The company has achieved Microsoft Azure's IP co-sell top-tier partner designation; the highest partnership-level benefit in the Microsoft AI Cloud Partner Program. The Jamf plugin for Microsoft Copilot for Security is also now available. The company’s flagship management solution Jamf Pro is also now available on Azure Cloud. In addition, Jamf Pro and Jamf Business Plan are now both available for purchase directly in the Azure Marketplace.
5. Cybersecurity auction – Akamai is the winning bidder to acquire select assets from Edgio as part of the company’s bankruptcy sale. Assets include customer contracts from Edgio’s security business and content delivery business and non-exclusive license rights to the company’s patent portfolio.
