scope:

This International Standard (IS) gives guidelines for how to process and resolve potential vulnerability information in a product or online service. This International Standard is applicable to vendors involved in handling vulnerabilities. The International Standard is related to ISO/IEC 29147 Information technology - Security techniques - Vulnerability disclosure. This IS interfaces with elements described in ISO/IEC 29147 at the point of receiving potential vulnerability reports, and at the point of distributing vulnerability resolution information. The IS takes into consideration the relevant elements of ISO/IEC 15408-3 Evaluation criteria for IT security - Part 3: Security assurance components in 13.5 Flaw remediation (ALC_FLR).