Vulnerability Disclosure

Definition - What does Vulnerability Disclosure mean?

A vulnerability disclosure is a policy practiced by organizations as well as individuals regarding the disclosure or publishing of information about security vulnerabilities and exploits pertaining to a computer system, network or software. The practice exists because ethical hackers and computer security experts believe that it is their social responsibility to make the general public aware of vulnerabilities that might impact them; otherwise, silence might lead to a false feeling of security and cause people to become complacent, leading to further risks.

Vulnerability disclosure is also known as full disclosure of vulnerabilities or simply full disclosure.

Techopedia explains Vulnerability Disclosure

Vulnerability disclosure is the practice of publishing the details of a security vulnerability to the general public for scrutiny and to force software and hardware vendors to patch these issues quickly. Before vulnerability disclosures, software and hardware vendors relied on the security of secrecy, which is to say they hoped that whatever vulnerabilities they had would not be discovered and exploited by hackers. However, hackers have proven time and time again that if a vulnerability exists, they most likely will discover it sooner or later.

Before vulnerability disclosure became a common practice, security researchers who reported vulnerabilities that they found were often ignored, and some were even threatened with lawsuits if the vulnerabilities became known. Some companies even treated these vulnerabilities as "theoretical" until a resourceful hacker found and exploited them, at which time the company would have to quickly develop a patch and then apologize profusely to their customers. That is why a group of companies and security researchers came together to form "responsible disclosure," which relied on the threat of publishing the vulnerability to make the company in question do something about it.

The process for a vulnerability disclosure starts when a vulnerability is discovered in a computer or hardware system. The person who discovered it informs the company of the details of the vulnerability so that the company can take action. After 45 days, whether the company has released a patch or not, the vulnerability is publicly disclosed.
