The number of manufacturers in cyber safety industries who have coordinated vulnerability disclosure programs is quickly growing. We encourage more engagement between manufacturers and researchers, along the lines of our Position on Disclosure.

Medical Devices

Public Infrastructure


Third-Party Vulnerability Coordinators and Other Disclosure Resources

  • CERT/CCPart of the a nonprofit Software Engineering Institute (SEI).
  • US-CERT or  ICS-CERT: The U.S. government’s incident handling and vulnerability coordination organizations.
  • FDA: The U.S. regulator for medical devices has asked researchers to reach out by email with questions or issues
  • Bug Crowd,  HackerOne,  Synack – Companies that run disclosure programs for other organizations, and may help coordinate with organizations not on their platform.
  • Email common addresses, such as security@, psirt@, safety@, productsecurity@, etc.
  • See if anyone in your network has contacts at the company, without inadvertently disclosing the issues.

Resources for Companies