A procedure that defines how identified vulnerabilities should be assessed, processed, and corrected, as well as how and when information about these vulnerabilities should be made public to external parties.

A policy that prohibits the disclosure of information about vulnerabilities, attempting to prevent potential malicious use of vulnerabilities before they are fixed.

A policy that allows ethical hackers and security researchers to report vulnerabilities to responsible persons or teams, ensuring a safe correction process without disclosing information to the public.

A document that details the identified vulnerabilities of a product, their potential impact, and recommended corrective measures.

Rules that establish deadlines and conditions for the open disclosure of information about vulnerabilities after sufficient time has been provided for their correction.