4-6 November | Sheraton Grand Doha, Qatar

Panel Discussion: Vulnerability Handling and Disclosure, Assurance Continuity Processes (A12a)

This expert discussion covers the status and outlook of vulnerability handling. Common Criteria (CC) addresses vulnerability handling through a combination of security requirements and evaluation activities. CC primarily focuses on identifying and addressing known vulnerabilities. While it encourages secure development practices, it doesn’t guarantee the absence of unknown vulnerabilities. CC encourages developers to consider vulnerabilities throughout the development lifecycle and implement mitigation strategies. CC provides a framework for vulnerability handling in IT products by requiring a systematic analysis of known vulnerabilities and promoting secure development practices.