myctrl.tools
Compare

SBD-PLEDGE-6CVEs

>Control Description

Within one year of signing the pledge, demonstrate transparency in vulnerability reporting by issuing CVEs in a timely manner for critical and high-severity vulnerabilities in the manufacturer's products, whether discovered internally or externally. CVEs should include accurate CWE (Common Weakness Enumeration) and CPE (Common Platform Enumeration) fields. Manufacturers should not attempt to obscure the nature of vulnerabilities.

>Related Controls

SBD-P2
SBD-PLEDGE-5

Ask AI

Configure your API key to use AI features.