Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The Awareness and Adoption Group within the NTIA Multistakeholder Process for Cybersecurity Vulnerabilities [2] surveyed security researchers and vendors, finding that [3]:

  • 92% of researchers participate in some form of CVD.
  • 70% of researchers expected regular communication from the vendor about their report. Frustrated expectations were often cited as the reason for abandoning the CVD process
  • 60% of researchers cited threat of legal action as a reason they might not work with a vendor to disclose
  • 15% of researchers expected a bounty in return for their disclosure