Page History
...
Vulnerability discovery can take many forms, from specifically targeted software testing to simple use of a system by a security-aware individual who notices some feature that seems out of place. In order for that discovery to be relevant to our discussion, it must result in a vulnerability report. Most discussions about vulnerability disclosure are referring to the handling of reports of newly discovered vulnerabilities in products for which no patch exists (for a more nuanced discussion regarding why we're eschewing the term _zero-day vulnerability_ here, see [10]. We further distinguish vulnerability discovery from vulnerability scanning below.
...
Overview
Content Tools