The Cyber Resilience Practices Project develops specifications designed to help improve the cyber resilience of open source projects and of the products that incorporate these projects and facilitate compliance with related regulation worldwide.
The first specification to be developed by this project is the Vulnerability Handling Specification.
The Vulnerability Handling Specification focuses on vulnerability management for products with digital elements, as outlined by the Essential Requirements of the CRA. It details the necessary components of a vulnerability handling policy, including procedures for receiving reports, resolving issues, and disclosing vulnerabilities. Additionally, it specifies the requirements for managing vulnerable dependencies.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.
Member companies supporting this project over the last three months.