Honesty is a virtue, say most cybersecurity professionals. That's true even when the honesty involves disclosing vulnerabilities, with 90% of professionals saying that disclosure is a "public good" that increases transparency and improves overall IT security.
The bias toward disclosure is shown in the results of a recent survey conducted by 451 Research and sponsored by Veracode. According to the report, 37% of organizations have received unsolicited disclosures in the last 12 months and, of those, 90% publicly disclosed the vulnerabilities in coordination with the researcher(s) who discovered the issue.
Even so, only 9% of those who identified their own vulnerability opted to make a full disclosure.