标准编号:ISO/IEC TR 5895:2022
中文名称:网络安全 多方协调的漏洞披露和处理
英文名称:Cybersecurity — Multi-party coordinated vulnerability disclosure and handling
发布日期:2022-06
标准范围
This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating: — The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages 2) (preparation, receipt, verification, remediation development, release, post-release) in MPCVD settings. — Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111). — The exchange of information between stakeholders during the vulnerability handling and disclosure process in a MPCVD settings.
标准预览图
立即下载标准文件