OCSF Simplifies Security Data Challenges and Creates Flexibility for Security Teams and Data Producers, Empowering Organizations to Effectively Mitigate Cyber Risks
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, welcomes the Open Cybersecurity Schema Framework (OCSF) to the Linux Foundation family of projects. This new partnership aims to drive the development and adoption of an open, extensible framework for cybersecurity data schemas. OCSF enables security teams and data producers to work seamlessly within a standardized framework to accelerate threat detection, response, and innovation.
Founded in 2022 with support from leading technology companies, including AWS, Cisco, IBM, and Splunk, and derived from schema work done by Broadcom (Symantec), OCSF provides a unified language to simplify and standardize how security data is managed, shared, and analyzed across diverse environments.
The OCSF project has grown significantly into a thriving ecosystem with over 900 contributors and 200 participating organizations, including security-focused independent software vendors (ISVs), government agencies, educational institutions, and enterprises.
With OCSF now under the Linux Foundation, contributors have greater access to develop and expand a framework that empowers data producers, engineers, and security teams to work together seamlessly to effectively address emerging cyber threats.
“With cybersecurity incidents on the rise, the need for collaborative, open source solutions grows with each passing day,” said Executive Director of the Linux Foundation, Jim Zemlin.
“We are pleased to bring the Open Cybersecurity Schema Framework into the Linux Foundation, marking a unique opportunity for the industry to converge on how security data is managed and used.”
Detection engineering, threat hunting, analytics development, and the rise of artificial intelligence are often hindered by the absence of a standard format and data model for cybersecurity logs and alerts.
The OCSF framework comprises a set of data types, an attribute dictionary, and a taxonomy. Since its initial release of version 1.0.0 in September 2023, OCSF has undergone rapid evolution, demonstrating the community’s commitment to continuously enhancing the framework.
The latest version, 1.3.0, released in August 2024, introduces new event classes for software inventory, remediation activities, and an OSINT profile for cyber threat intelligence enrichment, further solidifying OCSF’s role in standardizing cybersecurity data. Developed initially as a schema for cybersecurity events, the OCSF’s open standard can today be adopted in any environment, application, or solution.