Information technology -- Security techniques -- Vulnerability disclosure
(Not available in French)
ISO/IEC 29147:2014 gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure. ISO/IEC 29147:2014
- provides guidelines for vendors on how to receive information about potential vulnerabilities in their products or online services,
- provides guidelines for vendors on how to disseminate resolution information about vulnerabilities in their products or online services,
- provides the information items that should be produced through the implementation of a vendor's vulnerability disclosure process, and
- provides examples of content that should be included in the information items.
ISO/IEC 29147:2014 is applicable to vendors who respond to external reports of vulnerabilities in their products or online services.
Document published on: 2014-02 Edition: 1 (Monolingual) ICS: 35.030 Status: Published Stage: 90.92 (2014-05-15) TC/SC: ISO/IEC JTC 1/SC 27 Number of Pages: 34
Revised by: ISO/IEC CD 29147
No corrigenda or amendments available