...
A mapping of CVD phases to CVD roles is provided in Table 2.
Phases / Roles | Finder | Reporter | Vendor | Coordinator | Deployer |
---|---|---|---|---|---|
Discovery | Finds vulnerabilities | | | | |
Reporting | Prepares report | Reports vuls to vendor(s) and/or coordinators | Receives reports | Receives reports | |
Validation and Triage | | | Validates reports received | Validates reports received | |
Remediation | Confirms fix | | Prepares patches | Coordinates multiparty response | |
Public Awareness | Publishes report | Publishes report | Publishes report | Publishes report | Receives report |
Deployment | | | | | Deploys fix or mitigation |
...
We will next discuss each of these phases in more detail.
...