References Associated with Vulnerability Disclosure
References
ISO/IEC 29147
International Organization for Standardization/International Electrotechnical Commission (2018) ISO/IEC 29147:2018 – Information technology – Security techniques – Vulnerability disclosure (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/72311.html
ISO/IEC 30111
International Organization for Standardization/International Electrotechnical Commission (2019) ISO/IEC 30111:2019 – Information technology – Security techniques – Vulnerability handling processes (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/69725.html
ISO/IEC 27002
International Organization for Standardization/International Electrotechnical Commission (2013) ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/54533.html
DHS VDP Template
Department of Homeland Security (DHS) Vulnerability Disclosure Policy (VDP) Template. Available at https://cyber.dhs.gov/bod/20-01/vdp-template/
DOD VDP
U.S. Department of Defense, Cyber Crime Center (2016) Vulnerability Disclosure Program (VDP). (U.S. Department of Defense, Washington, DC). Available at https://www.dc3.mil/Vulnerability-Disclosure/Vulnerability-Disclosure-Program-VDP/
CISA CVD
Cybersecurity & Infrastructure Security Agency (CISA) (2017) Coordinated Vulnerability Disclosure (CVD) Process. Available at https://www.cisa.gov/coordinated-vulnerability-disclosure-process
DOJ VDP
U.S. Department of Justice, Criminal Division, Cybersecurity Unit (2017) A Framework for a Vulnerability Disclosure Program for Online Systems. (U.S. Department of Justice, Washington, DC). Available at https://www.justice.gov/criminal-ccips/page/file/983996/download
GSA TTS PDV
U.S. General Services Administration, Technology Transformation Services. Public Disclosure of Vulnerabilities. Available at https://handbook.tts.gsa.gov/responding-to-public-disclosure-vulnerabilities/
NISTIR 8246
Byers R, Waltermire D, Turner C (2020) Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8246. https://doi.org/10.6028/NIST.IR.8246
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
