ISO/IEC DIS 30111

Description / Abstract: This International Standard (IS) gives guidelines for how to process and resolve potential vulnerability information in a product or online service.

This International Standard is applicable to vendors involved in handling vulnerabilities. The International Standard is related to ISO/IEC 29147 Information technology — Security techniques — Vulnerability disclosure. This IS interfaces with elements described in ISO/IEC 29147 at the point of receiving potential vulnerability reports, and at the point of distributing vulnerability resolution information.

The IS takes into consideration the relevant elements of ISO/IEC 15408-3 Evaluation criteria for IT security – Part 3: Security assurance components in 13.5 Flaw remediation (ALC_FLR).