LibraryProcess overview
Reference · livelib-process:security-research--responsible-disclosure
responsible-disclosure overview
Managed process for ethical vulnerability disclosure to vendors with proper timeline management, communication tracking, and escalation procedures following CERT/CC and industry best practices.
Attributes
displayName
responsible-disclosure
description
Managed process for ethical vulnerability disclosure to vendors with proper timeline
management, communication tracking, and escalation procedures following CERT/CC and industry
best practices.
libraryPath
library/specializations/security-research/responsible-disclosure.js
specialization
security-research
references
- CERT/CC Disclosure Policy: https://vuls.cert.org/confluence/display/CVD
- Google Project Zero Policy: https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-policy.html
example
const result = await orchestrate('specializations/security-research/responsible-disclosure', {
  projectName: 'Critical Vulnerability Disclosure',
  vulnerability: {
    type: 'remote-code-execution',
    severity: 'critical',
    cveId: 'CVE-2024-XXXX'
  },
  vendor: { name: 'Acme Corp', contact: 'security@acme.com' },
  disclosurePolicy: { deadlineDays: 90 }
});
usesAgents
- security-report-writer
- vuln-researcher
Outgoing edges
lib_applies_to_domain (1)
- domain:cybersecurity · Domain · Cybersecurity
lib_belongs_to_specialization (1)
- specialization:security-research · Specialization
lib_implements_workflow (1)
- workflow:vulnerability-management · Workflow
uses_agent (2)
- lib-agent:security-research--security-report-writer · LibraryAgent · Security Report Writer Agent
- lib-agent:security-research--vuln-researcher · LibraryAgent · Vulnerability Researcher Agent
Incoming edges
None.