scope:

This International Standard gives guidelines for the disclosure of potential vulnerabilities in products and online services. This International Standard details the methods a vendor should use to address issues related to vulnerability disclosure. This International Standard: 1) provides guidelines for vendors on how to receive information about potential vulnerabilities in their products or online services; 2) provides guidelines for vendors on how to disseminate resolution information about vulnerabilities in their products or online services; 3) provides the information items that should be produced through the implementation of a vendor's vulnerability disclosure process; 4) provides content that should be included in the information items; This International Standard is applicable to: ? vendors who respond to external reports of vulnerabilities in their products or online services;