Get Started Book a Demo

Responsible Disclosure

24th February 2020 | Cybrary Responsible Disclosure


Responsible Disclosure refers to the best practice followed by most security researchers of not disclosing a critical vulnerability in a software product until a vendor patch or fix has been made readily available. This often comes into play when teams such as Google’s Project Zero, a team created to discover and fix security flaws, discover a vulnerability, and do not disclose the information to the public. The reason that the security analysts and researchers aren’t able to share the information publicly is that hackers and cyber criminals are often much faster to attack and exploit the vulnerability announced than vendors can produce a patch, and customers can deploy that patch to provide protection to themselves and their networks, data, and systems. That is why this is called Responsible Disclosure and is considered a best practice though no laws exist to compel security researchers to follow this. 

Related Terms: Bug Bounty Programs,Vulnerability, Zero Day Vulnerability

Related Reading: The Challenges of Cyber Research and Vulnerability Disclosure for Connected Healthcare Devices

Source: CSO Online

Should SMB’s be familiar with Responsible Disclosure?

Yes. Many SMB’s develop software for online distribution and use. As the owner of an SMB, you should consider advertising a Bug Bounty program for your product that encourages “responsible disclosure” by security researchers. This is a little financial incentive for people who find a critical flaw in your software, to bring it to you instead of selling it on the Dark or Deep web.

Secondly, SMB’s should have a Vulnerability Alert Management Process (aka: VAMP) that outlines the target timelines for patching critical vulnerabilities in the software and hardware you use to run your business. For Severity 1 bugs which could remotely compromise your network, data, or systems you need to patch ASAP.

CyberHoot has a VAMP process to help guide SMB’s to developing their own best practices relating to Zero-Day vulnerabilities, patching, and responsible disclosure.

For more information on Responsible Disclosure of vulnerabilities to hardware and software vendors, please watch this video:

https://youtube.com/watch?v=t5UKO4jjevw

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams
23rd June 2026 | Blog

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...

Read more
Hackers steal your cookies. Chrome may help stop Session Cookie Theft!
9th June 2026 | Blog

Hackers steal your cookies. Chrome may help stop Session Cookie Theft!

Google has built and released a new cookie protection measure that makes stolen session cookies useless on any...

Read more
AI Found Your Weaknesses. Let’s Fix Them First.
2nd June 2026 | Blog

AI Found Your Weaknesses. Let’s Fix Them First.

New benchmark data names MDASH and Claude Mythos Preview are the top AI agents finding zero-day vulnerabilities...

Read more
Get Started All Posts