Coordinated Vulnerability Disclosure
CVD is the process by which security researchers report vulnerabilities privately to vendors, who then develop a fix before details are published to the world. It balances the public's need to know against the risk of handing attackers a working exploit before a patch exists. Most responsible vendors, bug bounty programs, and government agencies follow CVD norms, often with an agreed disclosure timeline.