ISO/IEC 29147:2014 Information technology, Security techniques, Information disclosure

Standard number: ISO/IEC 29147:2014

Chinese title: 信息技术 安全技术 信息泄露

English title: Information technology — Security techniques — Vulnerability disclosure

Publication date: 2014-02

Scope

ISO/IEC 29147:2014 gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure. ISO/IEC 29147:2014

- provides guidelines for vendors on how to receive information about potential vulnerabilities in their products or online services,
- provides guidelines for vendors on how to disseminate resolution information about vulnerabilities in their products or online services,
- provides the information items that should be produced through the implementation of a vendor's vulnerability disclosure process, and
- provides examples of content that should be included in the information items.

ISO/IEC 29147:2014 is applicable to vendors who respond to external reports of vulnerabilities in their products or online services.
