Information technology - Security techniques - Vulnerability disclosure
- guidelines on receiving reports about potential vulnerabilities;
- guidelines on disclosing vulnerability remediation information;
- terms and definitions that are specific to vulnerability disclosure;
- an overview of vulnerability disclosure concepts;
- techniques and policy considerations for vulnerability disclosure;
- examples of techniques, policies (Annex A), and communications (Annex B).
Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC 30111.
This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors' products and services.
|Publication type||International Standard|
|Available language(s)||English, French|
|TC/SC||ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protectionrss|
|ICS||35.030 - IT Security|
|File size||2193 KB|
The following test report forms are related:
Share your publications
Learn how to share your publications with your colleagues, using networking options.
Our prices are in Swiss francs (CHF). We accept all major credit cards (American Express, Mastercard and Visa), PayPal and bank transfers as form of payment.
Keep in touch
Keep up to date with new publication releases and announcements with our free IEC Just Published email newsletter.
Contact customer services
Please send your enquiry by email or call us on +41 22 919 02 11 between 09:00 – 17:00 CET Monday to Friday.