
ISO/IEC 29147

Vulnerability disclosure

Organization: ISO/IEC
Category: Vulnerability Management

Related Articles: 1
Articles with Obligations: 8
Key Sections: 5
Coverage Areas: 8

Overview

Provides guidelines for how vendors should receive information about potential vulnerabilities in their products or online services, and how they should coordinate with external researchers and other parties.

Applicability

Vulnerability disclosure processes and coordination

Relevance to Cyber Resilience Act (CRA)

Directly addresses CRA vulnerability handling and disclosure requirements

Key Coverage Areas

1. Vulnerability disclosure policy
2. Reporting mechanisms
3. Coordinated vulnerability disclosure
4. Communication with researchers
5. Disclosure timelines
6. Remediation coordination
7. Public disclosure procedures
8. Legal protections for researchers

Standard Sections & Chapters

Section 5: Vulnerability disclosure policy
Section 6: Receiving vulnerability reports
Section 7: Processing vulnerability reports
Section 8: Coordinating vulnerability remediation
Section 9: Public disclosure

Related Cyber Resilience Act (CRA) Articles

Article 16: Establishment of a single reporting platform

Sections: 5, 6, 7, 8, 9

Vulnerability disclosure policy and coordination

Implementation Guidance:

Establish a vulnerability disclosure policy, a reporting mechanism, and a coordination process

Mapped Obligations:

  • ENISA must establish and maintain a single reporting platform for vulnerability and incident notifications

Quick Information

Organization
ISO/IEC
Category
Vulnerability Management
Certification
Not available
