Reporting security flaws to vendors and the general public. Normally, vulnerabilities are first reported to the software vendor and then revealed to the public after the vendor has published a patch ...