Back

EVS-EN ISO/IEC 29147:2020

Information technology - Security techniques - Vulnerability disclosure (ISO/IEC 29147:2018)

General information

Valid from 15.06.2020

Base Documents

ISO/IEC 29147:2018; EN ISO/IEC 29147:2020

ICS Groups

35.030 IT Security

Directives or regulations

None

Standard history

Status

Date

Type

Name

15.06.2020

Main

EVS-EN ISO/IEC 29147:2020

Scope
Give feedback

This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1[1]. Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected. This document provides:
- guidelines on receiving reports about potential vulnerabilities;
- guidelines on disclosing vulnerability remediation information;
- terms and definitions that are specific to vulnerability disclosure;
- an overview of vulnerability disclosure concepts;
- techniques and policy considerations for vulnerability disclosure;
- examples of techniques, policies (Annex A), and communications (Annex B).
Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC 30111.
This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors' products and services.

Required fields are indicated with *

Name *

Contact details *

Comments about standard *

I would like a response to my comments

To receive a copy of this form, enter your e-mail address

Buy / View

PDF

26.84 € incl tax

Paper

26.84 € incl tax

Browse standard from 2.44 € incl tax

Standard monitoring

Customers who bought this item also bought

Main

EVS-EN ISO/IEC 30111:2020

Information technology - Security techniques - Vulnerability handling processes (ISO/IEC 30111:2019)

Newest version Valid from 15.06.2020

Main

EVS-EN IEC 61000-6-3:2021

Electromagnetic compatibility (EMC) - Part 6-3: Generic standards - Emission standard for equipment in residential environments

Newest version Valid from 15.04.2021

Main + amendment

EVS-EN 55011:2016+A1+A11+A2:2021

Industrial, scientific and medical equipment - Radio-frequency disturbance characteristics - Limits and methods of measurement (CISPR 11:2015, modified + CISPR 11:2015/A1:2016 + CISPR 11:2015/A2:2019)

Newest version Valid from 01.06.2021

Main

EVS-EN IEC 61000-6-4:2019

Electromagnetic compatibility (EMC) - Part 6-4: Generic standards - Emission standard for industrial environments (IEC 61000-6-4:2018)

Newest version Valid from 01.10.2019

Standards designation

EVS	Estonian standard
EN	European standard (published by an CEN or CENELEC)
EN ISO	International standard adopted as an European standard
ISO	International Organization for Standardization’s standard
IEC	International Electrotechnical Commission’s standard
HD	CENELEC’s harmonisation document

EVS-EN	European standard implemented in Estonia
EVS-EN ISO	International standard adopted in Europe and implemented in Estonia
EVS-EN ISO/IEC	International standard/International electrotechnical standard adopted in Europe and implemented in Estonia
EVS-IEC	International electrotechnical standard implemented in Estonia
EVS-ISO	International standard implemented in Estonia

A, AMD	amedment
+A	a full standard plus the amendment
/A	only amendment
COR, AC	corrigendum
+COR	a full standard plus the corrigendum
NA	national annex
+NA	a full standard plus the national annex
/NA	only national annex
TS	technical specification
TR	technical report
CWA	agreement, developed by a CEN or CENELEC
prEVS-EN (etc)	draft standard

et	the standard is in Estonian only
en	the standard is in English only
et-en	the standard is in Parallel text Estonian-English

EVS-EN ISO/IEC 29147:2020

Information technology - Security techniques - Vulnerability disclosure (ISO/IEC 29147:2018)

General information

Standard history

EVS-EN ISO/IEC 27001:2017

EVS-EN ISO/IEC 27001:2023

EVS-EN ISO/IEC 27002:2022

EVS-EN ISO/IEC 27002:2017

Customers who bought this item also bought

EVS-EN ISO/IEC 30111:2020

EVS-EN IEC 61000-6-3:2021

EVS-EN 55011:2016+A1+A11+A2:2021

EVS-EN IEC 61000-6-4:2019

Standards designation

Contact

Contact

Information Service

EVS-EN ISO/IEC 29147:2020

Information technology - Security techniques - Vulnerability disclosure (ISO/IEC 29147:2018)

General information

Standard history

Related products

Customers who bought this item also bought

Standards designation