No disponible en español

Estado : Publicado

Formato Idioma
PDF + ePub
Papel
  • CHF96
Convertir Franco suizo (CHF) a tu moneda

Resumen

This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating:

—    The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages (preparation, receipt, verification, remediation[1] development, release, post-release) in MPCVD settings.

—    Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111).

—    The exchange of information between stakeholders during the vulnerability handling and disclosure process in a MPCVD settings.

Clarifying the application of ISO/IEC 30111 and ISO/IEC 29147 in MPCVD settings illustrates the benefits of vulnerability disclosure processes.

 

[1] Remediation is a defined term used in ISO/IEC 30111 and ISO/IEC 29147. This document uses the term "remediation" and verb “remediate” in the context of this definition.

Standard first page

Preview 

Previsualice esta norma en nuestra Plataforma de navegación en línea (OBP)

Informaciones generales

  • Estado
     : Publicado
    Fecha de publicación
     : 2022-06
    Etapa
    : Norma Internacional publicada [60.60]
  • Edición
     : 1
    Número de páginas
     : 14
  • Comité Técnico :
    ISO/IEC JTC 1/SC 27
    ICS :
    35.030 
  • RSS actualizaciones

Ciclo de vida

Got a question?

Check out our FAQs

Customer care
+41 22 749 08 88

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)

  2. Tienda
  3. Standards catalogue
  4. TC
  5. ISO/IEC JTC 1/SC 27
  6. ISO/IEC TR 5895:2022