Publication CODE |
ISO/IEC TR 5895:2022 (2022-06) |
Title |
CYBERSECURITY - MULTI-PARTY COORDINATED VULNERABILITY DISCLOSURE AND HANDLING |
|
Price Excl. VAT |
102.00 €
|
Total number of pages, tables and drawings |
14. |
Description
ISO/IEC TR 5895:2022 This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating:
- The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages (preparation, receipt, verification, remediation[1] development, release, post-release) in MPCVD settings.
- Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111).
- The exchange of information between stakeholders during the vulnerability handling and disclosure process in MPCVD settings.
Clarifying the application of ISO/IEC 30111 and ISO/IEC 29147 in MPCVD settings illustrates the benefits of vulnerability disclosure processes.
[1] Remediation is a defined term used in ISO/IEC 30111 and ISO/IEC 29147. This document uses the term "remediation" and the verb "remediate" in the context of this definition.
|
Class |
C990
(IEC PUBLICATIONS)
|
Status |
IEC PUBLICATION |
Situation |
Currently active
|
|
Committee |
ISO/IEC JTC 1/SC 27
IT SECURITY TECHNIQUES
|
BEC Approval |
2022-06-17 |
ICS-Code (International Standards Classification) |
35.030
|
NBN Status |
New |
|
IEC publication date |
2022-06-17 |
IEC file modification date |
2022-06-20 |
IEC last modification date |
2022-06-20 |
|