Abstract Preview
This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating:
— The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages (preparation, receipt, verification, remediation[1] development, release, post-release) in MPCVD settings.
— Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111).
— The exchange of information between stakeholders during the vulnerability handling and disclosure process in a MPCVD settings.
Clarifying the application of ISO/IEC 30111 and ISO/IEC 29147 in MPCVD settings illustrates the benefits of vulnerability disclosure processes.
[1] Remediation is a defined term used in ISO/IEC 30111 and ISO/IEC 29147. This document uses the term "remediation" and verb “remediate” in the context of this definition.
General information
-
Status : PublishedPublication date : 2022-06
-
Edition : 1Number of pages : 14
-
Technical Committee:Information security, cybersecurity and privacy protection
-
- ICS :
-
IT Security
Buy this standard
| Format | Language | |
|---|---|---|
| PDF + ePub | ||
| Paper |
- CHF88
Got a question?
Check out our FAQs
Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)
Keep up to date with ISO
Sign up to our newsletter for the latest news, views and product information.