Coding Practices to Minimize Vulnerabilities.
This research paper discusses when a software vulnerability is discovered by a third party, how an organization should set their vulnerability reporting when such a vulnerability arises. Information about software vulnerabilities, when released broadly, it forces software vendors to release (a) patch(es); At the same time the same information can amplify risks to software users and allows threat actors to exploit the vulnerabilities before they can be patched. This paper will provide an analysis of the current state of affairs in the world of software vulnerabilities, propose various techniques for disclosing these vulnerabilities, cost analysis, and the benefits and risks associated with each approach.
