Other
Arm Product Security Incident Response
Overview
Arm's Product Security Incident Response (PSIRT) manages coordinated vulnerability disclosure and continuous security lifecycle support. It follows a four-phase process (Discover, Analyze, Resolve, Communicate) and operates as a CVE Numbering Authority. The team collaborates with global security organizations to ensure responsible disclosure and mitigation.
Key features
- ▸Four-phase PSIRT process: Discover, Analyze, Resolve, Communicate
- ▸Coordinated Vulnerability Disclosure (CVD) with embargo periods
- ▸CVE Numbering Authority (CNA) for transparent vulnerability cataloguing
- ▸Integrated with Arm's Security Development Lifecycle (SDL)
- ▸Independent validation by Product Security Assurance (PSA) team
- ▸Collaboration with MITRE, FIRST, NCSC, CISA
- ▸Acknowledges vulnerability reports within two business days
- ▸Publishes security bulletins on Arm Security Center
