Back to glossary

Responsible Disclosure

A vulnerability disclosure model where researchers report flaws to the vendor first and give them a reasonable amount of time to fix the issue before making it public.

Categorysecurity

Overview

Responsible disclosure is an ethical framework that balances the public's right to know about security risks with the need to prevent attackers from exploiting unpatched vulnerabilities. It is the foundation of most modern vulnerability disclosure programs.

The Process

  1. Researcher discovers a vulnerability.
  2. Researcher privately notifies the vendor.
  3. Vendor acknowledges the report and works on a patch.
  4. Vendor releases the patch.
  5. Researcher (and vendor) publicly disclose the details of the vulnerability.

Importance

This model prevents 'zero-day' situations where a vulnerability is public but no fix is available, protecting users from widespread exploitation.