This ISP Spotlight guest blog focusses on coordinated disclosure. It is by Barry Brailey, Chair of the New Zealand Internet Task Force which wrote New Zealand's only guidelines on coordinated disclosure back in 2013.
All software has vulnerabilities. The larger your code base, the more likely your software has bugs. That's why projects like the Open Web Application Security Project (OWASP) exist. They highlight the 10 most common web application bugs that people code, and train people not to do them.