Coordinated Vulnerability Disclosure

The Cyber Resilience Act (EU) 2024/2847 defines coordinated vulnerability disclosure as a structured process where security researchers report discovered software flaws directly to vendors, who then work with them to develop fixes before public release, ensuring a controlled and responsible handling of vulnerabilities throughout the EU market.