vulnerability disclosure

Reporting security flaws to vendors and the general public. Normally, vulnerabilities are first reported to the software vendor and then revealed to the public after the vendor has published a patch to fix the problem. If the vendor does not develop a remedy after 30 to 60 days, the discovering party often makes the flaw public. See vulnerability and CERT.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved.

References in periodicals archive
government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that information is disseminated.
"All companies should consider promulgating a vulnerability disclosure policy," he said.
Although participants in the vulnerability disclosure program typically won't receive any financial reward for their efforts, success can still be a career booster, Rice said.
* Adopting a coordinated vulnerability disclosure policy and practice; and
400 days is an extremely long grace period; recently some vulnerability disclosure periods have been as short as 1 or 2 weeks.
Increased scrutiny and additional researchers also increase the vulnerability disclosure rate and result in reducing the total cost of ownership.
"Established industry practice concerning vulnerability handling avoids the risks created by the [PCI Council's] vulnerability disclosure requirements," Davidson said.
Called "Coordinated Vulnerability Disclosure" (CVD), the new model is similar to Microsoft's responsible disclosure policy.
Security updates from a dedicated team of security experts, which help to ensure the latest protection by continuously monitoring multiple sources of vulnerability disclosure information to identify and correlate new relevant threats and vulnerabilities.
However, according to the X-Force report, vulnerabilities disclosed by independent researchers are twice as likely to have zero-day exploit code published, calling into question how researchers practice vulnerability disclosure and signifying the need for a new standard in the industry.
Sourcefire Inc (Nasdaq: FIRE), a provider of intrusion prevention, has announced that the Sourcefire Vulnerability Research Team (VRT) delivered rules that protected Sourcefire customers and Snort users for almost a month prior to the recent Microsoft vulnerability disclosure (Microsoft Security Bulletin MS07-061).
[E]ach stakeholder involved in vulnerability disclosure may adopt a differing view regarding the scope and type of role they are willing take [sic].