References Associated with Vulnerability Disclosure

References

ISO/IEC 29147
International Organization for Standardization/International Electrotechnical Commission (2018) ISO/IEC 29147:2018 – Information technology – Security techniques – Vulnerability disclosure (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/72311.html

ISO/IEC 30111
International Organization for Standardization/International Electrotechnical Commission (2019) ISO/IEC 30111:2019 – Information technology – Security techniques – Vulnerability handling processes (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/69725.html

ISO/IEC 27002
International Organization for Standardization/International Electrotechnical Commission (2013) ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/54533.html

DHS VDP Template
Department of Homeland Security (DHS) Vulnerability Disclosure Policy (VDP) Template. Available at https://cyber.dhs.gov/bod/20-01/vdp-template/

DOD VDP
U.S. Department of Defense, Cyber Crime Center (2016) Vulnerability Disclosure Program (VDP). (U.S. Department of Defense, Washington, DC). Available at https://www.dc3.mil/Vulnerability-Disclosure/Vulnerability-Disclosure-Program-VDP/

CISA CVD
Cybersecurity & Infrastructure Security Agency (CISA) (2017) Coordinated Vulnerability Disclosure (CVD) Process. Available at https://www.cisa.gov/coordinated-vulnerability-disclosure-process

DOJ VDP
U.S. Department of Justice, Criminal Division, Cybersecurity Unit (2017) A Framework for a Vulnerability Disclosure Program for Online Systems. (U.S. Department of Justice, Washington, DC). Available at https://www.justice.gov/criminal-ccips/page/file/983996/download

GSA TTS PDV
U.S. General Services Administration, Technology Transformation Services. Public Disclosure of Vulnerabilities. Available at https://handbook.tts.gsa.gov/responding-to-public-disclosure-vulnerabilities/

NISTIR 8246
Byers R, Waltermire D, Turner C (2020) Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8246. https://doi.org/10.6028/NIST.IR.8246

Vulnerability Disclosure Guidance

Project Links

References Associated with Vulnerability Disclosure

References

Project Links

Additional Pages

Contacts

Group

Topics

Related Projects

Additional Pages

Contacts

Group

Topics

Related Projects