Coordinated disclosure is regarded as one of the best ways to protect customers from security exploits. Coordinated disclosure is based on two concepts: (1) when security vulnerabilities arise, companies work quickly, collaboratively, and effectively to mitigate the vulnerabilities, and (2) companies simultaneously take steps to decrease the risk that information becomes publicly available before mitigations are available.
We believe that the principles of coordinated disclosure are best expressed by the Computer Emergency Response Team (CERT) at Carnegie Mellon’s Software Engineering Institute, which has stated:
“The public and especially users of vulnerable products deserve to be informed about issues with those products and how the vendor handles those issues. At the same time, disclosing such information without review and mitigation only opens the public up to exploitation. The ideal scenario occurs when everyone coordinates and cooperates to protect the public.”
Information on coordinated disclosure and its importance can be found in the Guide to Coordinated Vulnerability Disclosure. More information on Product Security at Intel can be found on our corporate responsibility site.