We explore a number of principles of Coordinated Vulnerability Disclosure in Section 2. Section 3 describes the various roles involved in CVD. Common phases of the CVD process are covered in Section 4. The CVD process can vary depending on multiple factors, which we discuss in Section 5. But things do not always go smoothly, so Section 6 offers advice for troubleshooting the CVD process. Section 7 highlights operational considerations surrounding implementation of a CVD capability. In Section 8, we discuss a few open issues in the CVD space. Our conclusion can be found in Section 9, followed by a bibliography and multiple appendices. The appendices contain additional information about CVD issues specific to the Internet of Things, sample forms used in CVD processes, as well as references to disclosure policies, practices, and related information.
Overview
Content Tools
CMU/SEI-2017-SR-022
| SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY
Distribution Statement A: Approved for Public Release; Distribution is Unlimited