THR-06
Vulnerability Disclosure Program (VDP)
Description
Mechanisms exist to establish a Vulnerability Disclosure Program (VDP) to assist with the secure development and maintenance of Technology Assets, Applications and/or Services (TAAS) that receives unsolicited input from the public about vulnerabilities in organizational TAAS.
Control Question
Does the organization establish a Vulnerability Disclosure Program (VDP) to assist with the secure development and maintenance of Technology Assets, Applications and/or Services (TAAS) that receives unsolicited input from the public about vulnerabilities in organizational TAAS?
Control Metadata
Domain: Threat Management
Validation Cadence: Annual
Evidence Request List: E-TDA-16
Framework Mappings
This control maps to the following compliance frameworks:
MAS TRM: 13.2.2
