A Vulnerability Disclosure Policy is a publicly available document, typically accessed via the Vendor’s reporting web page. It is the Vendor’s statement as to how they will handle any vulnerability report passed to them. Reporting a product security issue should be made simple so that a vendor can get to work on applying a fix as soon as possible.
Coordinated vulnerability disclosure policies cover all stages of the process, from advertising the correct point of contact through to the timescale for fixing any issues and recognition for any bugs discovered. Read this white paper to find out more about how this can affect the government, businesses, and their customers.