This standard specifies the management requirements for information security vulnerabilities, involving the discovery, utilization, repair and disclosure of vulnerabilities. This standard is applicable to the management activities of information security vulnerabilities by users, vendors and vulnerability management organizations, including the prevention, collection, reduction and release of vulnerabilities.
GB/T 30276-2013 Referenced Document
GB/T 18336.1-2008 Information technology. Security techniques. Evaluation criteria for IT security. Part 1: Introduction and general model