ENISA publishes a good practice guide on Vulnerability Disclosure, aiming to provide a picture of the challenges the security researchers, the vendors and other involved stakeholders are confronted with when disclosing software/hardware vulnerabilities. The study gives a glimpse into the complex vulnerability disclosure landscape by taking stock of the current situation, identifying the challenges and good practices and proposes concrete recommendations for improvement.
The main part of the report, describes the main concepts behind vulnerability disclosure along with some figures of the number of vulnerabilities disclosed in the past 13 years.
