관심표준 등록 : 표준업데이트 시 알림을 받을 수 있습니다.
PDF : 직접 파일 다운로드 및 인쇄 (마이페이지 확인)
PRINT : 인쇄본 우편발송, 2~3일 소요(PDF파일 미제공)
분야 | ISO/IEC JTC 1/SC 27 : Information security, cybersecurity and privacy protection |
---|---|
적용범위 | This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1[1]. Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected. This document provides: — guidelines on receiving reports about potential vulnerabilities; — guidelines on disclosing vulnerability remediation information; — terms and definitions that are specific to vulnerability disclosure; — an overview of vulnerability disclosure concepts; — techniques and policy considerations for vulnerability disclosure; — examples of techniques, policies (Annex A), and communications (Annex B). Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC 30111. This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors' products and services. |
국제분류(ICS)코드 | 35.030 : IT 보안 |
페이지수 | 32 |
Edition | 2.0 |
No. | 표준번호 | 표준명 | 발행일 | 상태 |
---|---|---|---|---|
1 | ISO/IEC 29147:2018 | Information technology - Security techniques - Vulnerability disclosure | 2018-10-23 | 표준 |
2 | ISO/IEC 29147:2018 | Information technology — Security techniques — Vulnerability disclosure | 2018-10-23 | 표준 |
3 | ISO/IEC 29147:2014 | Information technology - Security techniques - Vulnerability disclosure | 2014-02-05 | 구판 |
4 | ISO/IEC 29147:2014 | Information technology — Security techniques — Vulnerability disclosure | 2014-02-05 | 구판 |
관련상품이 존재하지 않습니다.
ISO/IEC 30111:2019 - Information technology - Security techniques - Vulnerability handling processes 상세보기
ISO/IEC 27037:2012 - Information technology - Security techniques - Guidelines for identification, collection, acquisition and preservation of digital evidence 상세보기
IEEE 11073-40101-2020 - IEEE Standard - Health informatics--Device interoperability Part 40101: Foundational—Cybersecurity—Processes for vulnerability assessment 상세보기
ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection - Information security controls 상세보기
IEC TR 60601-4-5:2021 - Medical electrical equipment - Part 4-5: Guidance and interpretation - Safety-related technical security specifications 상세보기
IEC TS 63134:2020 - Active assisted living (AAL) use cases 상세보기
IEC 60034-5:2020 RLV - Rotating electrical machines - Part 5: Degrees of protection provided by the integral design of rotating electrical machines (IP code) - Classification 상세보기
KS B ISO TS 25740-1 - 에스컬레이터 및 무빙워크에 대한 안전요건 — 제1부: 세계공통 필수 안전요건(GESRs) 상세보기
KS B ISO TS 8100-21 - 승객 및 화물 운송용 엘리베이터 —제21부: 세계공통 필수안전요건(GESRs)을 충족하는 세계공통 안전 파라미터(GSPs) 상세보기
KS C IEC TS 62872 - 산업 시설과 스마트 그리드 사이의 산업 공정 측정, 제어 및 자동화 시스템 인터페이스 상세보기