Good Practice Guide on Vulnerability Disclosure. From challenges to recommendations

Vulnerabilities are ‘flaws’ or ‘mistakes’ in computer-based systems that may be exploited to compromise the network and information security of affected systems. They provide a point-of-entry or gateway to exploit a system and as such pose potentially severe security risks. Fixing vulnerabilities is therefore crucial and the process of disclosing vulnerabilities is a vital component that cannot be underestimated.

January 18, 2016

The vulnerability disclosure landscape is complex, with several stakeholders involved that include vendors, IT security providers, independent researchers, the media, malicious users, governments and, ultimately, the general public. These stakeholders often have competing interests, which results in a challenging landscape.
In the specific context of the vulnerability disclosure process, this study seeks to achieve the following primary objectives:

  • take stock of the current situation in vulnerability disclosure;
  • identify the challenges of the current situation with respect to vulnerability disclosure;
  • identify good practices; and
  • propose recommendations for improvements to address the challenges and enhance the adoption of good practices.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information