A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

http://cyber.law.harvard.edu/cybersecurity/Keyword_Index_and_Glossary_of_Core_Ideas