ISO frees up vuln standard


The ISO's vulnerability disclosure standard is now available free to all.

The decision to make ISO/IEC 29147 a free publication means companies can create consistent processes for receiving vulnerability disclosures.

If it's followed, that would be a good thing: all too often, even respectable bug-hunters like Google or Cisco's Talos complain that vendors either lack processes for bug-reporting, or are unresponsive to reports.

Formerly priced at 138 Swiss francs, the document was made free following a request by the US CERT Coordination Centre's Art Manion and Luta Security's Kate Moussouris.

The standard is available for download here.



Biting the hand that feeds IT © 1998–2020