scope:

NEN-ISO/IEC 29147 gives guidelines for the disclosure of potential vulnerabilities in products and online services. This International Standard details the methods a vendor should use to address issues related to vulnerability disclosure. This International Standard a) provides guidelines for vendors on how to receive information about potential vulnerabilities in their products or online services, b) provides guidelines for vendors on how to disseminate resolution information about vulnerabilities in their products or online services, c) provides the information items that should be produced through the implementation of a vendor's vulnerability disclosure process, and d) provides examples of content that should be included in the information items. This International Standard is applicable to vendors who respond to external reports of vulnerabilities in their products or online services.