OIS Guidelines for Security Vulnerability Reporting and Response, V2.0
Security vulnerabilities in software systems pose a constant threat to
computer users, the Internet, and the critical infrastructures that
depend on it. The OIS has developed a reference process embodying best
practices for identifying, investigating, and remedying security
vulnerabilities.
This process is characterized by close collaboration in good faith
between the person or organization who identifies a vulnerability and
the person or organization responsible for maintaining the product in
which it occurs. It is intended to be agnostic regarding the software
development model used, appropriate for organizations of varying sizes,
and usable worldwide.
Download the OIS Guidelines