EN/DE Start free trial
CVD

Coordinated Vulnerability Disclosure

Structured process for responsible vulnerability disclosure. Coordinates communication between discoverers, manufacturers and the public — CRA-compliant.

Start free trial →
Coordinated Vulnerability Disclosure

At a Glance

Reporting Portal

Public portal for security researchers and discoverers. Structured input with encrypted submission.

Disclosure Workflow

Configurable process: intake, triage, analysis, fix, coordinated publication. With SLA tracking.

Deadline Management

Automatic tracking of disclosure deadlines. Escalation when deadlines are about to be missed.

Stakeholder Coordination

Secure communication with discoverers, affected manufacturers and CERTs. Encrypted and traceable.

Advisory Creation

Seamless transition from the CVD process to CSAF advisory creation. All information flows directly.

CRA Compliance

Meets the Cyber Resilience Act requirements for the CVD process. Complete documentation for audits.

The Challenge

The Cyber Resilience Act requires manufacturers to establish a CVD process. Security researchers expect a clear reporting path, deadlines must be met, and communication must be traceable.

How CVD Works

TrustSource provides a public reporting portal through which security researchers can submit vulnerabilities in a structured and encrypted way. The integrated workflow guides through triage, analysis, fix development and coordinated publication.

Every step is documented — from the initial report to the published advisory. Deadlines are monitored automatically, stakeholders are informed proactively.

Related articles

19 Jan 2025

Cyber Resilience Act published

The EU Cyber Resilience Act (CRA) has been published recently. This article summarises the major impacts and obligations this will cause.