GFCE Global Good Practices Coordinated Vulnerability Disclosure (CVD)

Jurisdiction

International / Standards Bodies

Region

International

Requirement

Recommended

Organization

Global Forum on Cyber Expertise

Provision

N/A

Applies to

Political leadership/policymakers, manufacturers/vendors, users, reporters, legal professionals, and national CSIRTs

Date

2017

Description

Provides CVD best practices for political leadership/policymakers, manufacturers/vendors, users, reporters, legal professionals, and national CSIRTs. It also explains 8 key challenges, including conflicts between involved stakeholders; failure to patch after disclosure; and sale of zero-day vulnerabilities.

https://thegfce.org/wp-content/uploads/CoordinatedVulnerabilityDisclosure-1-1.p…