Responsible disclosure
coordinated disclosure
A vulnerability-reporting process in which the researcher and the affected protocol coordinate a fix before public announcement.
Most DeFi protocols document a responsible-disclosure policy alongside their Bug bounty programme — typical fix windows are 30-90 days for critical findings. Public CVE-style disclosures land after the patch deploys.
Related terms
- Bug bounty: A standing reward programme paying ethical hackers for responsibly disclosed vulnerabilities.
- Audit report: A security firm's written review of smart-contract code, classifying findings by severity and tracking issuer responses.
- Exploit: A security failure that lets an attacker drain protocol funds — historically the dominant loss vector in DeFi.