Page History

...

The Awareness and Adoption Group within the NTIA Multistakeholder Process for Cybersecurity Vulnerabilities [2] surveyed security researchers and vendors, finding that [3]:

• 92% of researchers participate in some form of CVD.
• 70% of researchers expected regular communication from the vendor about their report. Frustrated expectations were often cited as the reason for abandoning the CVD process
• 60% of researchers cited threat of legal action as a reason they might not work with a vendor to disclose
• 15% of researchers expected a bounty in return for their disclosure

...