Coordinated Vulnerability Disclosure
It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes. Hackers and computer security scientists have the opinion that it is their social responsibility to make the public aware of vulnerabilities with a high impact. Hiding these problems could cause a feeling of false security. To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and preventing any future damage. Depending on the potential impact of the vulnerability, this period may vary between a few weeks and several months.
CIO Platform Nederland
- Coordinated Vulnerability Disclosure Reporting at ICANN (2013)
- Cyber Security Glossary, World Bank (2015)
- Policy for arriving at a practice for Responsible Disclosure, NCSC-NL
- Coordinated Vulnerability Disclosure Model Policy and Procedure, A publication of the CIO Experience Group Information Security (2016)
- Responsible Disclosure Modelbeleid en Procedure Publicatie van de CIO Experience Group Information Security (2016)