Around the world, security researchers spend their time trying to find the vulnerabilities in ISPs’ software and networks, in the hope that they find the weak spots before the bad guys. A coordinated disclosure policy helps those researchers make the vulnerabilities public once they’ve been found, so that consumers know they exist and ISPs can get them fixed.
Why we care
Because the Internet is an important national infrastructure that needs protecting. It’s important that when security vulnerabilities are discovered, there is a well-established and safe process for reporting and fixing them.
Why should you care?
Because you rely on the Internet and deserve to have confidence in the systems that we use. You want to make sure that the services you use on the Internet are as secure as possible. You also want to know that there are no potential holes that could lead to your personal data being exposed. Coordinated disclosure guidelines are designed to help make the Internet safer and more secure for everyone. ISPs should have a coordinated disclosure policy that provides advice to researchers on how they can disclose security vulnerabilities, and advice to customers on how the company will react to and address these reports in a mature and cooperative way.