Global Good Practices – Coordinated Vulnerability Disclosure (CVD)

The unprecedented uptake of information and operational/industrial control system technologies (IT and OT/ICS) worldwide leads to a growing dependency of economic sectors, public institutions and societies. Vulnerabilities in software and hardware are abundant. When vulnerabilities are found by a third party, the challenge arises on  how to report the vulnerability in a prudent way to those actors who can remove the vulnerability. Time is needed to fix the vulnerability before a wider audience gets
informed.

Coordinated Vulnerability Disclosure (CVD) pertains to the mechanisms by which vulnerabilities are shared and disclosed in a controlled way. This Global Good Practice document helps to shape a concerted international approach and support establishment of national CVD policies.

Source – GFCE website