18.8: Establish a Process to Accept and Address Reports of Software Vulnerabilities

CSF v1.1 References:

Threats Addressed:

Group:

Control Statement

Establish a process to accept and address reports of software vulnerabilities, including providing a means for external entities to contact your security group.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]