SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIST SSDF
Browse NIST SSDF
RV.1.1: Threat Intelligence
RV.1.2: Vulnerability Regressions
RV.1.3: Vulnerability Remediation and Disclosure
Vulnerability Remediation and Disclosure
RV.1.3: Have a policy that addresses vulnerability disclosure and remediation, and implement the roles, responsibilities, and processes needed to support that policy.
  • Example 1: Establish a vulnerability disclosure program, and make it easy for security researchers to learn about your program and report possible vulnerabilities.
  • Example 2: Have a Product Security Incident Response Team (PSIRT) and processes in place to handle the responses to vulnerability reports and incidents, including communications plans for all stakeholders.
  • Example 3: Have a security response playbook to handle a generic reported vulnerability, a report of zero-days, a vulnerability being exploited in the wild, and a major ongoing incident involving multiple parties and open-source software components.
  • Example 4: Periodically conduct exercises of the product security incident response processes.
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Have a policy that addresses vulnerability disclosure and remediation, and implement the roles, responsibilities, and processes needed to support that policy.