ДСТУ EN ISO/IEC 29147:2022 Информационные технологии. Методы защиты. Раскрытие уязвимостей (EN ISO/IEC 29147:2020, IDT; ISO/IEC 29147:2018, IDT)



ДСТУ EN ISO/IEC 29147:2022
(EN ISO/IEC 29147:2020, IDT; ISO/IEC 29147:2018, IDT)

Інформаційні технології. Методи захисту. Розкриття вразливостей

 
   
 
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)

Contents

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Concepts

5.1 General

5.2 Structure of this document

5.3 Relationships to other International Standards

5.4 Systems, components, and services

5.5 Stakeholder roles.

5.6 Vulnerability handling process summary

5.7 Information exchange during vulnerability disclosure

5.8 Confidentiality of exchanged information

5.9 Vulnerability advisories

5.10 Vulnerability exploitation

5.11 Vulnerabilities and risk

6 Receiving vulnerability reports

6.1 General

6.2 Vulnerability reports

6.3 Initial assessment

6.4 Further investigation

6.5 On-going communication

6.6 Coordinator involvement

6.7 Operational security

7 Publishing vulnerability advisories

7.1 General

7.2 Advisory

7.3 Advisory publication timing

7.4 Advisory elements

7.5 Advisory communication

7.6 Advisory format

7.7 Advisory authenticity

7.8 Remediations

8 Coordination

8.1 General

8.2 Vendors playing multiple roles

9 Vulnerability disclosure policy

9.1 General

9.2 Required policy elements

9.3 Recommended policy elements

9.4 Optional policy elements

Аnnex А (informative) Example vulnerability disclosure policies

Annex В (informative) Information to request in a report

Annex C (informative) Example advisories

Annex D (informative) Summary of normative elements

Bibliography