nerdexam
Cisco

210-255 · Question #100

Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?

The correct answer is D. PSIRT. A PSIRT (Product Security Incident Response Team) is the vendor-internal team specifically chartered to investigate, remediate, and publicly disclose vulnerabilities in that vendor's own products and services.

Security Policies and Procedures

Question

Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?

Options

  • ACSIRT
  • BICASI
  • CUSIRP
  • DPSIRT

How the community answered

(28 responses)
  • A
    7% (2)
  • B
    4% (1)
  • D
    89% (25)

Why each option

A PSIRT (Product Security Incident Response Team) is the vendor-internal team specifically chartered to investigate, remediate, and publicly disclose vulnerabilities in that vendor's own products and services.

ACSIRT

CSIRT (Computer Security Incident Response Team) handles broad security incidents affecting an organization or its constituency, and is not specifically scoped to managing vulnerabilities in vendor products for external disclosure.

BICASI

ICASI (Industry Consortium for Advancement of Security on the Internet) is a multi-vendor coordination body for managing vulnerabilities that span multiple vendors simultaneously, not a single vendor's internal product vulnerability team.

CUSIRP

USIRP is not a recognized industry-standard designation for a team handling vendor product security vulnerability investigation and disclosure.

DPSIRTCorrect

PSIRT stands for Product Security Incident Response Team and is defined as the organizational unit within a vendor responsible for the full vulnerability lifecycle - intake, investigation, coordination with security researchers, patch development, and coordinated public disclosure. Unlike general incident response teams, a PSIRT's scope is limited to vulnerabilities in the vendor's own product portfolio.

Concept tested: PSIRT role in vendor product vulnerability disclosure

Source: https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1

Topics

#PSIRT#vulnerability disclosure#vendor security#CSIRT

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice