"You go through phases. You have to reinvent reasons for playing, and one year's answer might not do for another."
-Yo-Yo Ma

There are a number of proposed models of the CVD process that have slightly varying phases [1] [2] [3] [4]. Below, we adapt a version of the ISO/IEC 30111 [5] process with more phases to better describe what we have seen at the CERT/CC.

  • Discovery – A researcher (not necessarily an academic one) discovers a vulnerability by using one of numerous tools and processes.
  • Reporting – A researcher submits a vulnerability report to a software or product vendor, or a third-party coordinator if necessary.
  • Validation and Triage – The analyst validates the report to ensure accuracy before action can be taken and prioritizes reports relative to others.
  • Remediation – A remediation plan (ideally a software patch, but could also be other mechanisms) is developed and tested.
  • Public Awareness – The vulnerability and its remediation plan are disclosed to the public.
  • Deployment – The remediation is applied to deployed systems.
