ISO/IEC TR 5895:2022
p
ISO/IEC TR 5895:2022
81807
Indisponible en français

Résumé

 Preview

This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating:

—    The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages (preparation, receipt, verification, remediation[1] development, release, post-release) in MPCVD settings.

—    Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111).

—    The exchange of information between stakeholders during the vulnerability handling and disclosure process in a MPCVD settings.

Clarifying the application of ISO/IEC 30111 and ISO/IEC 29147 in MPCVD settings illustrates the benefits of vulnerability disclosure processes.

 

[1] Remediation is a defined term used in ISO/IEC 30111 and ISO/IEC 29147. This document uses the term "remediation" and verb “remediate” in the context of this definition.


Informations générales 

  •  :  Publiée
     : 2022-06
  •  : 1
  •  : ISO/IEC JTC 1/SC 27 Sécurité de l’information, cybersécurité et protection de la vie privée
  •  :
    35.030 Sécurité des technologies de l’information

Acheter cette norme

fr
Format Langue
std 1 88 PDF + ePub
std 2 88 Papier
  • CHF88

Vous avez une question?

Consulter notre FAQ

Service à la clientèle
+41 22 749 08 88

Horaires d’ouverture:
De lundi à vendredi - 09:00-12:00, 14:00-17:00 (UTC+1)

Suivez l'actualité de l'ISO

Inscrivez-vous à notre Newsletter (en anglais) pour suivre nos actualités, points de vue et informations sur nos produits.