Other

Arm Product Security Incident Response

by Cadence and Arm

Arm Product Security Incident Response

No structured specs available.

Overview

Arm's Product Security Incident Response (PSIRT) manages coordinated vulnerability disclosure and continuous security lifecycle support. It follows a four-phase process (Discover, Analyze, Resolve, Communicate) and operates as a CVE Numbering Authority. The team collaborates with global security organizations to ensure responsible disclosure and mitigation.

Key features

  • Four-phase PSIRT process: Discover, Analyze, Resolve, Communicate
  • Coordinated Vulnerability Disclosure (CVD) with embargo periods
  • CVE Numbering Authority (CNA) for transparent vulnerability cataloguing
  • Integrated with Arm's Security Development Lifecycle (SDL)
  • Independent validation by Product Security Assurance (PSA) team
  • Collaboration with MITRE, FIRST, NCSC, CISA
  • Acknowledges vulnerability reports within two business days
  • Publishes security bulletins on Arm Security Center
Manufacturer page

More from Cadence and Arm

Back to Cadence and Arm