Software Engineering Institute

The CERT/CC has pioneered the Coordinated Vulnerability Disclosure (CVD) process from our inception in 1988 to the present. In the past year, we have been analyzing our own case tracking data between 1993 and 2017, with a focus on the distribution of case workloads over time. This slide deck contains preliminary findings from that analysis, showing how over time the workload is dominated by a relatively small number of cases – and why as a result, CVD participants shouldn't rely exclusively on traditional measures, such as case counts or averages when assessing the impact of their CVD efforts.

This presentation is a counterpart to the CERT Guide to Coordinated Vulnerability Disclosure. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=503330