# Latticra Vulnerability Management Release Gate Baseline Status

Status: status record for vulnerability management release gate baseline
Date: 2026-05-26

## Scope

This record tracks the vulnerability-management release gate baseline for CISA KEV review, NVD/CVE review, coordinated vulnerability disclosure, dependency/component inventory, release blocking, mitigation/exception records, and public non-claims before production release, update, installer, package, internet-facing service, or security-product claims.

It does not run vulnerability scans, query live feeds, publish advisories, submit CVEs, patch dependencies, produce an SBOM, publish releases, grant release authority, or claim product security.

## Current fields

```text
vulnerability_management_release_gate_baseline_present=1
vulnerability_management_release_gate_status_present=1
vulnerability_management_release_gate_guard_present=1
cisa_kev_catalog_tracked=1
nvd_cve_review_required=1
cvss_context_required_not_risk_score_only=1
coordinated_vulnerability_disclosure_required=1
vulnerability_disclosure_policy_scope_required=1
dependency_component_inventory_required=1
sbom_required_before_production_release=1
kev_nvd_review_required_before_release=1
known_exploited_vulnerability_mitigation_required=1
non_exploitability_claim_requires_written_record=1
vulnerability_exception_owner_required=1
vulnerability_exception_expiration_required=1
release_block_on_unmitigated_known_exploited_vulnerability=1
internet_facing_asset_inventory_required_before_release=1
security_advisory_process_required_before_supported_release=1
implementation_behavior_changed=0
live_feed_query_added=0
vulnerability_scan_added=0
release_publishing_authority_granted=0
security_advisory_published=0
cve_submission_performed=0
sbom_generated=0
production_release_claim_allowed=0
product_security_claim_allowed=0
compliance_claim_allowed=0
external_endorsement_claimed=0
```

## Validation

```sh
sh scripts/test-vulnerability-management-release-gate-baseline.sh
```

Expected output:

```text
vulnerability_management_release_gate_baseline: ok
```