Cookies
Potrebujeme váš súhlas na využitie jednotlivých dát, aby sa vám okrem iného mohli ukazovať informácie týkajúce sa vašich záujmov. Súhlas udelíte kliknutím na tlačidlo „OK“.
ISO/IEC/TR 5895-ed.1.0
Cybersecurity - Multi-party coordinated vulnerability disclosure and handling
NORMA vydaná dňa 17.6.2022
Informácie o norme:
Označenie normy: ISO/IEC/TR 5895-ed.1.0
Dátum vydania normy: 17.6.2022
Kód tovaru: NS-1066322
Počet strán: 14
Približná hmotnosť: 42 g (0.09 libier)
Krajina: Medzinárodná technická norma
Kategória: Technické normy ISO
Kategórie - podobné normy:
Anotácia textu normy ISO/IEC/TR 5895-ed.1.0 :
This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating: — The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages (preparation, receipt, verification, remediation[1] development, release, post-release) in MPCVD settings. — Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111). — The exchange of information between stakeholders during the vulnerability handling and disclosure process in a MPCVD settings. Clarifying the application of ISO/IEC 30111 and ISO/IEC 29147 in MPCVD settings illustrates the benefits of vulnerability disclosure processes. [1] Remediation is a defined term used in ISO/IEC 30111 and ISO/IEC 29147. This document uses the term "remediation" and verb “remediate” in the context of this definition.
Doporučujeme:
