Customer Support: +353 (0)1 857 6730

Corporate Website About Us
  • Shopping Cart
    There are no items in your cart
Please enter a keyword to search
Advanced search
Home
BSI
BS EN ISO/IEC 29147:2020

BS EN ISO/IEC 29147:2020

Current

Current

The latest, up-to-date edition.

Information technology. Security techniques. Vulnerability disclosure

Amendment of

BS ISO/IEC 29147:2018

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

10-06-2020

Publisher

British Standards Institution

€285.14
Excluding VAT
EUR
CAD
CHF
CNY
DKK
EUR
GBP
HKD
IDR
INR
JPY
KRW
MXN
NOK
NZD
SEK
SGD
USD
ZAR
Hardcopy - English
PDF - English
01
02
03
04
05
06
07
08
09
10

Committee
IST/33
DocumentType
Standard
Pages
44
PublisherName
British Standards Institution
Status
Current
Supersedes

This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC27002:2013, 12.6.1[1]. Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected. This document provides:

  • guidelines on receiving reports about potential vulnerabilities;

  • guidelines on disclosing vulnerability remediation information;

  • terms and definitions that are specific to vulnerability disclosure;

  • an overview of vulnerability disclosure concepts;

  • techniques and policy considerations for vulnerability disclosure;

  • examples of techniques, policies (AnnexA), and communications (AnnexB).

Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC30111.

This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors’ products and services.

Standards Relationship
EN ISO/IEC 29147:2020 Identical
ISO/IEC 29147:2018 Identical
EN ISO/IEC 29147:2020 Identical

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.

Get in touch with us