Several organizations have presented standards and best-practice documents to aid vendors in establishing vulnerability response and coordination teams.
Below are links to some of these standards and best practices. Please note that CERT does not necessarily endorse any of these documents and is currently providing this list only for informational purposes.
Standards and Best Practices
You may consider referring to the following documents and standards for advice when establishing a PSIRT in your organization.
- ISO-29147:2014 -- Vulnerability Disclosure
- ISO-30111:2013 -- Vulnerability Handling Processes
- HackerOne Vulnerability Coordination Maturity Model -- self-assessment for vulnerability handling best practices in your organization
CERT Training
Please contact us if you are interested in arranging for a PSIRT class taught by CERT.