Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called "Coordinated Vulnerability Disclosure" (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way that minimizes risk and disruption for customers. Since then, feedback from the broader security community has been generally supportive.
Today, we're providing more transparency and insight into our disclosure philosophy by announcing three updates to our disclosure practices - a CVD at Microsoft document, MSVR Advisories, and our internal corporate Disclosure of Vulnerabilities policy.
