responsible disclosure

term

securitygovernance & risk

Reporting a vulnerability privately to the vendor and giving them time to fix it before going public.

Also called coordinated disclosure, it balances two goods: users get a patch, and the flaw does not become a public weapon on day one. Practices vary on the deadline, but the principle is give the fix a head start over the exploit.

Also known as: coordinated disclosure, responsible-disclosure, CVD

All glossary entries