BSI PD ISO/IEC TR 5895:2022
Cybersecurity. Multi-party coordinated vulnerability disclosure and handling
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2022 | 24 |
PDF Catalog
PDF Pages | PDF Title |
---|---|
2 | National foreword |
7 | Foreword |
8 | Introduction |
9 | 1 Scope; 2 Normative references; 3 Terms and definitions; 4 Concepts; 4.1 General |
11 | 4.2 Relationship with other International Standards; 4.2.1 ISO/IEC 29147 – Vulnerability disclosure; 4.2.2 ISO/IEC 30111 – Vulnerability handling processes |
12 | 4.2.3 Risk reduction effectiveness |
13 | 5 MPCVD scenarios; 5.1 General; 5.2 MPCVD led by the vendor-coordinator (the owner of the technology developed) – the “mitigating vendor”; 5.3 MPCVD process in non-owner cases; 6 MPCVD stakeholders; 6.1 General; 6.2 Vendor; 6.2.1 Mitigating vendor |
14 | 6.2.2 Dependent vendor; 6.2.3 Mitigating vendor and coordination; 6.3 Non-vendor coordinator; 6.4 Reporters; 6.5 Users; 6.6 Product security incident response team (PSIRT) function; 7 MPCVD life cycle; 7.1 General |
15 | 7.2 Policy development; 7.2.1 Preparation; 7.2.2 Policy; 7.3 Strategy development; 7.3.1 Information sharing strategy; 7.3.2 Disclosure strategy |
16 | 7.4 Know your customers; 7.5 Encrypted communication methods and conference calls; 7.6 Processes and controls; 8 MPCVD life cycle for each product; 8.1 Product and user mapping; 8.2 Component analysis |
17 | 8.3 User analysis; 9 MPCVD life cycle for each vulnerability; 9.1 Receipt; 9.2 Verification |
18 | 9.3 Remediation development; 9.4 Release; 9.5 Post-release; 9.6 Embargo period |
19 | 10 Information exchange |
20 | 11 Disclosure; 12 Use case for hardware and further considerations |
22 | Bibliography |