Journal of Information Security Research, 2021, Vol. 7, Issue 3: 215-224.


Research on International Disclosure Policy of Security Vulnerabilities

  • Received: 2021-03-09   Online: 2021-03-05   Published: 2021-03-17

Chinese title: 安全漏洞国际披露政策研究

Shi Yifei (时翌飞) 1, Feng Jingyu (冯景瑜) 1, Huang Hexiang (黄鹤翔) 2, Cao Xudong (曹旭栋) 3, Wang He (王鹤) 4, Zhang Yuqing (张玉清) 5

  1. Xi'an University of Posts and Telecommunications
  2. Xidian University / National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences
  3. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences
  4. Xidian University
  5. University of Chinese Academy of Sciences
  • Corresponding author: Shi Yifei
  • Author biographies: Shi Yifei (b. 1996), male, Xi'an, Shaanxi; master's degree; network security; syf19961002@outlook.com. Feng Jingyu (b. 1984), male, Longnan, Gansu; associate professor, PhD; IoT security and network attack and defense; fengjy@xupt.edu.cn. Huang Hexiang (b. 1997), male, Luoyang, Henan; master's degree; network security; huanghx@nipc.org.cn. Cao Xudong (b. 1997), male, Weinan, Shaanxi; master's degree; network security; caoxd@nipc.org.cn. Wang He (b. 1987), female, Anyang, Henan; associate professor, PhD; network security; hewang@xidian.edu.cn. *Zhang Yuqing (b. 1966), male, Baoji, Shaanxi; professor and doctoral supervisor; network and system security; zhangyq@nipc.org.cn.

Abstract: As information systems and computer networks grow more complex, the number of security vulnerabilities is rising rapidly. Active disclosure of security vulnerabilities lowers the cost of collecting vulnerability information, lets affected organizations learn of security threats in a timely manner, and, through exchange and cooperation between organizations and even between countries, breaks down information silos and improves the ability to respond to threats. Vulnerability disclosure has therefore become an important means of mitigating potential threats, reducing risk exposure, and helping organizations remediate vulnerabilities proactively. This paper first introduces the concept of cybersecurity vulnerability disclosure policy and the mainstream norms that govern it. It then surveys and compares the current vulnerability disclosure policies of countries around the world, with a focused analysis of the US Vulnerabilities Equities Process (VEP). It analyzes the relationships among the organizations involved in vulnerability disclosure, summarizes the current state of implementation of disclosure policies and the challenges they face, and finally offers recommendations for establishing a standardized vulnerability disclosure policy in China.

Key words: security vulnerability, vulnerability disclosure, coordinated vulnerability disclosure, national policy, vulnerabilities equities process
