210-255 · Question #100
Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?
The correct answer is D. PSIRT. A PSIRT (Product Security Incident Response Team) is the vendor-internal team specifically chartered to investigate, remediate, and publicly disclose vulnerabilities in that vendor's own products and services.
Question
Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?
Options
- ACSIRT
- BICASI
- CUSIRP
- DPSIRT
How the community answered
(28 responses)- A7% (2)
- B4% (1)
- D89% (25)
Why each option
A PSIRT (Product Security Incident Response Team) is the vendor-internal team specifically chartered to investigate, remediate, and publicly disclose vulnerabilities in that vendor's own products and services.
CSIRT (Computer Security Incident Response Team) handles broad security incidents affecting an organization or its constituency, and is not specifically scoped to managing vulnerabilities in vendor products for external disclosure.
ICASI (Industry Consortium for Advancement of Security on the Internet) is a multi-vendor coordination body for managing vulnerabilities that span multiple vendors simultaneously, not a single vendor's internal product vulnerability team.
USIRP is not a recognized industry-standard designation for a team handling vendor product security vulnerability investigation and disclosure.
PSIRT stands for Product Security Incident Response Team and is defined as the organizational unit within a vendor responsible for the full vulnerability lifecycle - intake, investigation, coordination with security researchers, patch development, and coordinated public disclosure. Unlike general incident response teams, a PSIRT's scope is limited to vulnerabilities in the vendor's own product portfolio.
Concept tested: PSIRT role in vendor product vulnerability disclosure
Source: https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1
Topics
Community Discussion
No community discussion yet for this question.