[{"Identifier":"CYB.060.010", "Activity":"Patch Management", "Description":"Implement a comprehensive patch management program in order to identify, report, and correct information system flaws."}, {"Identifier":"CYB.060.020", "Activity":"Remediation / Mitigation", "Description":"Correct problems identified by confirmed weaknesses or vulnerability assessment activities, in order to provide guidance to the organization on reducing any risk or exposure."}, {"Identifier":"CYB.060.030", "Activity":"Coordinated Vulnerability Disclosure", "Description":"Gathering information from vulnerability finders, coordinating the sharing of that information between relevant stakeholders, and disclosing the existence of software vulnerabilities and their mitigations to various stakeholders including the public in order to reduce an adversary's advantage while an information security vulnerability is being mitigated."}]