- Whether the behavior described in the report is reproducible
- Whether the behavior described in the report has security implications
- The impact of the vulnerability to deployed systems
- Whether to publicly disclose the vulnerability
- How much detail to include in a public disclosure
- The timing of public disclosure
- Whether extensions should be made to deadlines set by one party or another, whether or not they have been mutually agreed to previously
In these situations, and many others, reporters and/or vendors may find it useful to engage the services of a third-party coordinator to assist with conflict resolution. Drawing on the experience and relative neutrality of a third-party coordinator can often dissipate some of the potential animosity that can arise in contentious cases.