There are a number of proposed models of the CVD process that have slightly varying phases [1,2,3,4].
Below, we adapt a version of the ISO/IEC 30111 [5] process with more phases to better describe what we have seen at the CERT/CC:
- Discovery – A researcher (not necessarily an academic one) discovers a vulnerability by using one of numerous tools and processes.
- Reporting – A researcher submits a vulnerability report to a software or product vendor, or a third-party coordinator if necessary.
- Validation and Triage – The analyst validates the report to ensure accuracy before action can be taken and prioritizes reports relative to others.
- Remediation – A remediation plan (ideally a software patch, but could also be other mechanisms) is developed and tested.
- Public Awareness – The vulnerability and its remediation plan are disclosed to the public.
- Deployment – The remediation is applied to deployed systems.