ISO/IEC 29147:2018
Information technology — Security techniques — Vulnerability disclosure
Product Details
— guidelines on receiving reports about potential vulnerabilities;
— guidelines on disclosing vulnerability remediation information;
— terms and definitions that are specific to vulnerability disclosure;
— an overview of vulnerability disclosure concepts;
— techniques and policy considerations for vulnerability disclosure;
— examples of techniques, policies (Annex A), and communications (Annex B).
Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC 30111.
This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors' products and services.