Home

ISO/IEC 29147:2014
Subscribe to updates

Information technology -- Security techniques -- Vulnerability disclosure

Abstract

ISO/IEC 29147:2014 gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure. ISO/IEC 29147:2014

  1. provides guidelines for vendors on how to receive information about potential vulnerabilities in their products or online services,
  2. provides guidelines for vendors on how to disseminate resolution information about vulnerabilities in their products or online services,
  3. provides the information items that should be produced through the implementation of a vendor's vulnerability disclosure process, and
  4. provides examples of content that should be included in the information items.

ISO/IEC 29147:2014 is applicable to vendors who respond to external reports of vulnerabilities in their products or online services.

 

  • Edition: 1 (Monolingual) ICS: 35.040
    Status: Published Stage: 60.60 (2014-02-05)
    TC/SC: ISO/IEC JTC 1/SC 27 Number of Pages: 34
  • No revision information available

  • No corrigenda or amendments available

Related standards

Format
  • PDF

    This format preserves the paper layout, and is watermarked

  • EPUB

    This format allows documents to be read on tablets and smartphones

  • COLOUR PDF

    Enhanced user-friendly colour PDF format

  • REDLINE

    See any updates made from previous versions at a glance

  • PAPER

    Normally A4 size documents. Shipping costs apply

Language

+

PDF + ePub
Paper

Swiss francs CHF 138

Add to basket

Got a question?

Check out our FAQs

Email customer services
or call us on +41 22 749 08 88
09:00 – 12:30, 14:00 – 17:00 (UTC+1).