As with most situations in which multiple parties are engaged in a potentially stressful and contentious negotiation, surprise tends to increase the risk of a negative outcome. The importance of clearly communicating expectations across all parties involved in a CVD process cannot be overemphasized.

If we expect cooperation between all parties and stakeholders, we should do our best to match their expectations of being "in the loop" and minimize their surprise. Publicly disclosing a vulnerability without coordinating first can result in panic and an aversion to future cooperation from vendors and finders alike.

CVD promotes continued cooperation and increases the likelihood that future vulnerabilities will also be addressed and remedied.

  • No labels