D.1 Respond to/disclose vulnerabilities

Controls for identifying and addressing vulnerabilities in products and preventing similar ones from occurring in the future.

Controls

D.1.1 Vulnerability analysis

Plan the resolution of discovered vulnerabilities

D.1.2 Risk-based vulnerability remediation

Remediate vulnerabilities based upon a risk-based prioritization

D.1.3 Vulnerability disclosure

Aid organizations in responding to vulnerabilities to reduce the window of opportunity for attackers

D.1.4 Vulnerability eradication

Proactively eradicate classes of vulnerabilities.

D.1.6 Root cause analysis

Reduce the frequency of vulnerabilities in the future