What people say, what people do, and what they say they do are entirely different things.
– Margaret Mead

Certain roles are critical to the Coordinated Vulnerability Disclosure process, as described below:

Although a more detailed description of the CVD process is provided in Section 4, a simple sketch of the relationships between these roles is shown in Figure 1.

Figure 1: CVD Role Relationships

Individuals and organizations can, and often do, play multiple roles. For example, a cloud service provider might act as both vendor and deployer, while a researcher might act as both finder and reporter. A vendor may also be both a deployer and a coordinator. In fact, the CERT/CC has played all five roles over time, although not usually simultaneously.
