Vulnerability disclosure

Standard

ABSTRACT

In the contexts of information technology and cybersecurity, a vulnerability is a behaviour or set of conditions present in a system, product, component, or service that violates an implicit or explicit security policy
Attackers exploit vulnerabilities to compromise confidentiality, integrity, availability, operation, or some other security property.
This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1.
Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected.

Source: https://www.iso.org/standard/72311.html

ISO/IEC 29147:2018 I

ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniqu…

General information

Status: Published
Publication date :
2018-10-01
Working Groups :
Category: Cybersecurity
SDO:

IEC

ISO

ABSTRACT

General information

Provide comments on WD prEN AI Trustworthiness Framework

AI Use in the Standards Making Process

Managing the risks of AI systems to reduce safety, health and fundamental right risks

Domenico Natale is currently…

AI Use in the Standards Making…

AI (NLP and semantic search)…

AI Use in the Standards Making…

Quantum Key Distribution …

Security Certification of QKD

Simulation and digital twins as model-based AI

Can the usage of simulators an…

The concept of autonomous…

Towards autonomous open radio…

OETP and the transparency of Ai problem

Open Ethics Transparency Proto…

Security Certification of QKD

Security Certification of QKD

Security Certification of QKD

Security Certification of QKD

New ISO project - societal concerns and ethical considerations

Strengthening the ethical dime…

I missed some mention about…

Towards autonomous open radio…

5G communications
Applications of information technology
Artificial Intelligence
Big Data
Blockchain
Circular Economy
Citiverse
Cloud computing
Computer graphics
Cybersecurity
Data Centres
Data storage services
Data technologies
Digital Product Passport
Digital Twin
E-Invoicing
Edge Computing
eHealth
Information coding
Intelligent Transport System
Interface and interconnection equipment
IoT
IT terminal and other peripheral equipment
Languages used in IT
Network Security
Ontologies
OSI - Open System Interconnections
Quantum Computing
Robotics
Smart Cities
Trusted Information
Vertical Industries

None
3GPP
A3 Robotics
A4BLUE
Allotrope Foundation
ANSI
ANSI/RIA
ASD-STAN
ASME
ASTM
ATIS
BBF
BIMERR
BSI
CEN
CEN/CENELEC
CENELEC
CIGI
CLC
COVR
CSA
DGUV
DIF
DIN
DIN/DKE
DKE
DMTF
Enterprise Ethereum
ERCIM
Ethereum Community
ETSI
European Commission
European Union’s Horizon 2020
GICTF
GreenBlue
GS1
GSMA
HL7
Hyperledger Foundation
IEA-EBC
IEC
IEEE
IETF
iiRDS
INRAE
IOF
ISA
ISO
ISO/IEC
ISO/IEC/IEEE
ISO/TR
ITU
ITU-T
Massrobotics
Metaverse
Microsoft
MPAI
NEN
NGMN
NIST
None
NSAI
OASIS
OGC
OMA
OMG
OMG Robotics
oneM2M
OPC
OpenForum Europe
OpenID Foundation
OpenPEPPOL
RDA
RIA
SAE
SEAS
SMPTE
SNIA
STANDARDS AUSTRALIA
TIA
TM Forum
UL
UN/CEFACT
UNECE
VDA
W3C

follow us

Vulnerability disclosure

ABSTRACT

General information