// THREAT DETECTION AND DATA PRIVACY TERM
Disclosure
Disclosure is the process of sharing information about a security vulnerability or data breach. This communication is typically directed at affected individuals, regulatory bodies, or the general public to promote transparency and remediation.

TECHNICAL DEFINITION
In cybersecurity, disclosure is the controlled communication and public notification of a security vulnerability (e.g., a CVE) or data breach event to affected stakeholders, including customers and regulatory agencies, often following a policy like Coordinated Vulnerability Disclosure (CVD).
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- breach notification
- vulnerability reporting
- public announcement
- advisory
- security bulletin
- notification
USAGE NOTE
The timing and scope of disclosure are critical strategic decisions in incident response, balancing legal obligations with the risk of further exploitation.
DEVELOPERS
Organizations developing technology related to Disclosure.
A vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers. The company provides a platform for organizations to manage their vulnerability disclosure programs (VDPs).
A crowdsourced cybersecurity platform that provides bug bounty, vulnerability disclosure, and penetration testing services. It manages the process of finding, validating, and disclosing security vulnerabilities for its clients.
A non-profit organization that operates federally funded research and development centers (FFRDCs). It manages the Common Vulnerabilities and Exposures (CVE) list, which is the industry standard for identifying and cataloging publicly disclosed cybersecurity vulnerabilities.
A team of security researchers at Google tasked with finding zero-day vulnerabilities in hardware and software systems. The team adheres to a strict disclosure policy, typically making vulnerability details public 90 days after reporting to the vendor.
Operated by Trend Micro, ZDI is a program that rewards security researchers for responsibly disclosing vulnerabilities. It is the world's largest vendor-agnostic bug bounty program, coordinating with vendors to patch flaws before public disclosure.
A U.S. federal agency responsible for cybersecurity and infrastructure protection. CISA runs a vulnerability disclosure platform (VDP) and Binding Operational Directive (BOD 20-01) which requires federal agencies to have a clear vulnerability disclosure policy.
A provider of Internet hosting for software development and version control using Git. GitHub provides integrated security features like Dependabot alerts and GitHub Security Advisories, which allow maintainers of open source projects to privately discuss, fix, and publicly disclose security vulnerabilities.