May 1, 2026 – Security Analysis and Guidance Exchange (SAGE) is a standard for bridging the gap between information provided by security researchers for human consumption and having that same information consumed directly by security technologies, which increasingly are equipped with LLM interpretative capabilities. Conceived and poorly executed by Jim Reavis, it has been expertly reimagined by Rock Lambros. We encourage you to test and comment on the specification.
Downloads
Security Analysis and Guidance Exchange (SAGE) Implementation Guide (PDF Download)
Security Analysis and Guidance Exchange (SAGE) RC1 standard (.md Download) (Provide peer review commentary)
Security Analysis and Guidance Exchange (SAGE) template (.md Download)
Articles
SAGE: The Format STIX, OSCAL, and SARIF Don’t Cover (blog)