Who is a Vulnerability Reporter?

We generally refer to anyone that contacts us or a vendor as a "vulnerability reporter", or usually simply reporter. This is to distinguish from the fact that the reporter is not always the original person that discovered the vulnerability, or in some cases, that several reporters discovered the same vulnerability simultaneously.

Often you will also hear the term "vulnerability researchers", since many reporters come from an academic (university) research setting, but this is of course not required. Anyone investigating vulnerabilities, whether at work or at home, may do this type of work, and so we prefer the term reporter to be more clear.

Another term is "finder", as in the person that finds a vulnerability and reports it, but this is not always clear to English speakers. So we still prefer "reporter".

The links below and at the left provide resources and information to vulnerability reporters, both ones that wish to work independently with the vendor, as well as ones wishing to work with the CERT/CC.

 

Guidance Overview

Review the Requesting Coordination Assistance page for advice on how to start coordinating a vulnerability on your own, and when to contact the CERT/CC.

If you believe your vulnerability requires Coordination Assistance, please review our Guidelines for Requesting Coordination Assistance then fill out our Vulnerability Reporting Form.

For information on using PGP, please see PGPtemp.