Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


However, even with a well-organized customer contact database, it can be difficult for a vendor to be certain that all relevant decision makers are reached in a timely manner. Hence, we recommend that vendors publish at least basic vulnerability and fix announcements to their public website in addition to whatever direct customer contact communications they provide.


< 4.4 Remediation | 4.6 Promote Deployment >


  1. Security Focus, "BugTraq Archive," [Online]. Available: [Accessed 23 May 2017].
  2., "Full Disclosure Mailing List," [Online]. Available: [Accessed 23 May 2017].
  3. MITRE, "Common Vulnerabilities and Exposures," [Online]. Available: [Accessed 16 May 2017].
  4. MITRE, "Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) Rules Version 1.1," 16 September 2016. [Online]. Available: [Accessed 16 May 2017].