myctrl.tools

SBD-PLEDGE-5 Vulnerability Disclosure Policy

Control Description

Within one year of signing the pledge, publish a vulnerability disclosure policy (VDP) that authorizes testing by members of the public on products offered by the manufacturer, commits not to recommend or pursue legal action against good-faith reporters, provides a clear mechanism for public reporting, and aligns with coordinated vulnerability disclosure best practices. Manufacturers should also publish a security.txt file per RFC 9116.
