
Vulnerability Disclosure

Definition - What does Vulnerability Disclosure mean?

A vulnerability disclosure is a policy practiced by organizations as well as individuals regarding the disclosure or publishing of information about security vulnerabilities and exploits pertaining to a computer system, network or software. The practice exists because ethical hackers and computer security experts believe that it is their social responsibility to make the general public aware of vulnerabilities that might impact them; otherwise, silence might lead to a false feeling of security and cause people to be complacent, leading to further risks.

Vulnerability disclosure is also known as full disclosure of vulnerabilities or simply full disclosure.

Techopedia explains Vulnerability Disclosure

Vulnerability disclosure is the practice of publishing the details of a security vulnerability to the general public for scrutiny and to force software and hardware vendors to patch these issues quickly. Before vulnerability disclosures, software and hardware vendors relied on the security of secrecy, which is to say they hoped that whatever vulnerabilities they had would not be discovered and exploited by hackers. However, hackers have proven time and time again that if a vulnerability exists, they most likely will discover it sooner or later.

Before vulnerability disclosure became a common practice, security researchers who reported vulnerabilities that they found were often ignored, and some were even threatened with lawsuits if the vulnerabilities became known. Some companies even treated these vulnerabilities as "theoretical" until a resourceful hacker found and exploited them, at which time the company would have to quickly develop a patch and then apologize profusely to its customers. That is why a group of companies and security researchers came together to form "responsibility disclosure," which relied on the threat of publishing the vulnerability to make the company in question do something about it.

The process for a vulnerability disclosure starts when a vulnerability is discovered in a computer or hardware system. The person who discovered it informs the company with details of the vulnerability so that they can take action. After 45 days, whether the company has released a patch or not, the vulnerability is publicly disclosed.
