Back to glossary

Coordinated Vulnerability Disclosure (CVD)

A collaborative process where multiple parties (researchers, vendors, and coordinators) work together to manage the disclosure and remediation of security vulnerabilities.

AbbreviationCVD
Categorysecurity

Overview

CVD is an evolution of responsible disclosure that recognizes the complexity of modern software, where a single vulnerability might affect many different vendors (e.g., a flaw in a common library or protocol). Organizations like CERT/CC often act as coordinators in these cases.

Key Principles

  • Trust: Building a relationship between researchers and vendors.
  • Timeliness: Fixing vulnerabilities as quickly as possible.
  • Clarity: Providing clear information to users about the risk and the fix.

Importance

CVD ensures that all affected parties are notified and have a chance to prepare patches before a vulnerability is made public, minimizing the overall risk to the ecosystem.

Related Terms

Responsible DisclosureCommon Vulnerabilities and Exposures (CVE)