Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • 92% of researchers participate in some form of CVD.
  • 70% of researchers expected regular communication from the vendor about their report. Frustrated expectations were often cited as the reason for abandoning the CVD process
  • 60% of researchers cited threat of legal action as a reason they might not work with a vendor to disclose
  • 15% of researchers expected a bounty in return for their disclosure


< 2.1. Reduce Harm | 2.3. Avoid Surprise >


  1. I Am The Cavalry, "5 Motivations of Security Researchers," [Online]. Available: [Accessed 17 May 2017].
  2. National Telecommunications and Information Administration, "Multistakeholder Process: Cybersecurity Vulnerabilities," 15 December 2016. [Online]. Available: [Accessed 17 May 2017].
  3. NTIA Awareness and Adoption Working Group, "Vulnerability Disclosure Attitudes and Actions: A Research Report from the NTIA Awareness and Adoption Group," 15 December 2016. [Online]. Available: [Accessed 6 June 2017].