scope:

This Recommendation provides functional requirements for evaluating technical vulnerabilities. It analyses the advantages, problems and challenges of the common practice of vulnerability evaluation using crowdsourcing, and provides functional security requirements for a technical evaluation process. The features of the secured process, such as specified targets, behaviour audit, network traffic recovery, information sharing, etc., can build trust between security teams and organizations, secure the evaluation process, and enhance the potency of the evaluation.