Handling security reports

It is obvious that the time has come to consider having a certain approach to handle security reports. What i have noticed through a personal experience that the people involved in a certain way in taking security measures take the security reports with extreme paranoia. Somehow they prefer to not assume their responsibility of the existence of a system vulnerability on taking actual measures to contain their failures.

On the other hand, sometimes after reporting a vulnerability i get the impression that i am the responsible of this vulnerability. Some times they ask a certain type of questions irrelevant with the case like they are trying to prove that i did something illicit to provoke the system failure. Well, i say lets not do like Ostriches and deal with the predators out their that are doing their best to make your system crash. We all know that system vulnerabilities doesn't have to be so obvious to be considered seriously. Research demonstrates that systems vulnerabilities are registered not only by exposing the systems to a certain hazard or misuse but also by it's adaptability with these hazards.

Researchers have been working on providing an efficient way to detect vulnerabilities and it is evolving pretty well but what we need also to have is a guided way to handle vulnerabilities reports by a third party because a machine is programmed to do what it was built to do but a human being can be more unpredictable.