FIRST releases updated coordination principles for Multi-Party Vulnerability Coordination and Disclosure
2020-05-11 04:30

The Forum of Incident Response and Security Teams (FIRST) has released an updated set of coordination principles: Guidelines for Multi-Party Vulnerability Coordination and Disclosure version 1.1.

Previous best practices, policy and process for vulnerability disclosure focused on bilateral coordination and did not adequately address the current complexities of multi-party vulnerability coordination.

Art Manion, Vulnerability Analysis Technical Manager, CERT Coordination Center, said: "As software development becomes more complex and connected to supply chains, coordinated vulnerability disclosure practices need to evolve. The updated Guidelines are a step in that evolution, deriving guidance and principles from practical use cases."

The Guidelines for Multi-Party Vulnerability Coordination and Disclosure contain a collection of best current practices that consider typical as well as more complex real-life scenarios, going beyond a single researcher reporting a vulnerability to a single company.

FIRST Chair Serge Droz said: "The Guidelines for Multi-Party Vulnerability Coordination and Disclosure is an important step towards a better and more responsible way of managing vulnerabilities."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/pTHH9gKMLzU/