The Vulnerability Handling Specification focuses on vulnerability management for products with digital elements, as set out in the essential cybersecurity requirements of the European Cyber Resilience Act (the vulnerability handling requirements of Annex I, Part II).
It details the necessary components of a vulnerability handling policy, including procedures for receiving reports, resolving issues, and disclosing vulnerabilities.
Additionally, it specifies the requirements for managing vulnerable dependencies.
The Vulnerability Handling Specification is developed by the Cyber Resilience Practices Project of the Open Regulatory Compliance (ORC) Working Group.