D.1.5 Emergency artifact fix

Control Details

Objective

Fix a zero-day vulnerability.

Definition

Zero-day vulnerabilities may not be fixed by an upstream maintainer in a desired timeframe. Implement an emergency response process to fix the vulnerability locally, rebuild the artifact, deploy it to your organization, and contribute the fix back to the upstream maintainer.

Assessment Questions

  1. How do you handle it when an external artifact has a zero-day vulnerability that is not being fixed by an upstream maintainer in a desired timeframe?

Reference sources

  1. S2C2F FIX-1