Good process serves you so you can serve customers. But if you're not watchful, the process can become the thing. This can happen very easily in large organizations. The process becomes the proxy for the result you want. You stop looking at outcomes and just make sure you're doing the process right. Gulp. It's not that rare to hear a junior leader defend a bad outcome with something like, "Well, we followed the process." A more experienced leader will use it as an opportunity to investigate and improve the process. The process is not the thing. It's always worth asking, do we own the process or does the process own us?
– Jeff Bezos, 2016 Letter to Amazon Shareholders
I came here to make the world a better place, but I think I broke it.
– Judy Hopps, Zootopia
As we've mentioned throughout this document, CVD can occasionally be a complex process. In this section, we'll first cover some of the common ways things can go wrong and finish with some suggestions on what to do if and when they do. A summary of the advice in this section can be found in 6.10 Troubleshooting Coordinated Vulnerability Disclosure Table.
- 6.1 Unable to Find Vendor Contact
- 6.2 Unresponsive Vendor
- 6.3 Somebody Stops Replying
- 6.4 Intentional or Accidental Leaks
- 6.5 Independent Discovery
- 6.6 Active Exploitation
- 6.7 Relationships that Go Sideways
- 6.8 Hype, Marketing, and Unwanted Attention
- 6.9 What to Do When Things Go Wrong
- 6.10 Troubleshooting Coordinated Vulnerability Disclosure Table