The unprecedented uptake of information and operational/industrial control system technologies (IT and OT/ICS) worldwide leads to a growing dependency of economic sectors, public institutions and societies. Vulnerabilities in software and hardware are abundant. When vulnerabilities are found by a third party, the challenge arises on how to report the vulnerability in a prudent way to those actors who can remove the vulnerability. Time is needed to fix the vulnerability before a wider audience gets
informed.
Coordinated Vulnerability Disclosure (CVD) pertains to the mechanisms by which vulnerabilities are shared and disclosed in a controlled way. This Global Good Practice document helps to shape a concerted international approach and support establishment of national CVD policies.
Source – GFCE website