Reporting security flaws to vendors and the general public. Normally, vulnerabilities are first reported to the software vendor and then revealed to the public after the vendor has published a patch to fix the problem. If the vendor does not develop a remedy after 30 to 60 days, the discovering party often makes the flaw public. See
vulnerability and
CERT.