The following references provide more detail on the concepts and processes of Coordinated Vulnerability Disclosure (CVD).
- ISO 30111 https://www.iso.org/standard/69725.html
- ISO 29147 https://www.iso.org/standard/72311.html
- NTIA "Early Stage" Coordinated Vulnerability Disclosure Template Version 1.1 https://www.ntia.doc.gov/files/ntia/publications/ntia_vuln_disclosure_early_stage_template.pdf
- Vulnerability Disclosure Policy Basics: 5 Critical Components https://www.hackerone.com/blog/Vulnerability-Disclosure-Policy-Basics-5-Critical-Components
- DOJ "A Framework for a Vulnerability Disclosure Program for Online Systems" https://www.justice.gov/criminal-ccips/page/file/983996/download
- disclose.io is a cross-industry, vendor-agnostic standardization project for safe harbor† best practices to enable good-faith security research. http://disclose.io/
- Security.txt https://securitytxt.org/ and the IETF draft "A Method for Web Security Policies" https://tools.ietf.org/html/draft-foudil-securitytxt-08
- The CERT Guide to Coordinated Vulnerability Disclosure https://vuls.cert.org/confluence/display/CVD
- ENISA Good Practice Guide on Vulnerability Disclosure https://www.enisa.europa.eu/publications/vulnerability-disclosure
- ENISA Economics of Vulnerability Disclosure https://www.enisa.europa.eu/publications/economics-of-vulnerability-disclosure
- US GSA 18F https://github.com/18F/vulnerability-disclosure-policy
- US Department of Defense Vulnerability Disclosure Program https://www.dc3.mil/vulnerability-disclosure
- Rapid7 https://www.rapid7.com/security/disclosure/
- Google https://www.google.com/about/appsecurity/