Corelan Vulnerability Disclosure Policy

Corelan Vulnerability Disclosure Policy

This document describes the security vulnerability disclosure policy of Corelan Team.

It is the official policy of Corelan Team members (referred to as “us” or “we” hereafter) to exercise the responsible/coordinated disclosure of security vulnerabilities in a manner which is of maximum value to all affected parties.  Corelan reserves the right to change this policy at any time, without prior notice.

Current version :  v1.7, last changed on april 29, 2011, 10:26 Brussels time : added link to attrition

Older versions :

  • 1.6, last changed on july 26th, 2010, 11:26 Brussels time : introduced “coordinated” in conjunction with “responsible”.
  • 1.5, last changed on july 13th, 2010, 7:24 Brussels time : added section “Communication Guidelines”
  • 1.4,  last changed on july 11th 2010, 16:53 Brussels time : added a statement about “upcoming advisories”.
  • 1.3, last changed on april 18th 2010, 11:30 GMT+1
  • 1.2, last changed on april 12th, 2010, 15:07 GMT+1

The permalink URL for this policy is

Executive overview for v