Page History
...
- The finder composes a vulnerability report, as discussed in 4.2 Reporting.
- The finder (or reporter, if these are distinct individuals) provides that report to someone. Often the vulnerability report would be provided to the vendor, but that's not always the case. Sometimes the report might be sent to a coordinator. If the vulnerability is discovered internally to a vendor, then the report may simply be forwarded to the responsible team within the organization—for example, filed as a security-related bug report. We cover the coordinator role in Section 3.5. A discussion of the reporting process can be found in 4.2 Reporting.
- (Optional) Finders, reporters, vendors, or coordinators might prepare a document to publish. The finder often wants to draw attention to his or her discovery and subsequent analysis by publishing a document, blog post, or conference presentation, to share the findings with a larger audience. Vendors typically want to publish a document as well to inform their users that action has been taken to resolve the problem, and to prompt their users to take any required remediation actions. Publishing of vulnerability information is covered in 4.5 Gaining Public Awareness.
...
Overview
Content Tools