Responsible Disclosure

24th February 2020 | Cybrary Responsible Disclosure


Responsible Disclosure refers to the best practice, followed by most security researchers, of not publicly disclosing a critical vulnerability in a software product until the vendor has made a patch or fix readily available. This often comes into play when a team such as Google’s Project Zero, a team created to discover and fix security flaws, finds a vulnerability and withholds the details from the public. Security analysts and researchers hold the information back because hackers and cyber criminals are often much faster to attack and exploit an announced vulnerability than vendors are to produce a patch and customers are to deploy that patch to protect themselves and their networks, data, and systems. That is why the practice is called Responsible Disclosure and is considered a best practice, though no laws exist to compel security researchers to follow it.

Related Terms: Bug Bounty Programs, Vulnerability, Zero Day Vulnerability

Related Reading: The Challenges of Cyber Research and Vulnerability Disclosure for Connected Healthcare Devices

Source: CSO Online

Should SMBs be familiar with Responsible Disclosure?

Yes. Many SMBs develop software for online distribution and use. As the owner of an SMB, you should consider advertising a Bug Bounty program for your product that encourages “responsible disclosure” by security researchers. This offers a small financial incentive for people who find a critical flaw in your software to bring it to you instead of selling it on the Dark or Deep web.

Secondly, SMBs should have a Vulnerability Alert Management Process (aka VAMP) that outlines the target timelines for patching critical vulnerabilities in the software and hardware you use to run your business. For Severity 1 bugs, which could remotely compromise your network, data, or systems, you need to patch ASAP.

CyberHoot has a VAMP process to help guide SMBs in developing their own best practices relating to Zero-Day vulnerabilities, patching, and responsible disclosure.

For more information on Responsible Disclosure of vulnerabilities to hardware and software vendors, please watch this video:

https://youtube.com/watch?v=t5UKO4jjevw
