What would you do if you discovered a security vulnerability in your system?

• A. Reproduce, assess severity, notify stakeholders, patch, verify fix, communicate remediation plan.
• B. Ignore it until it is exploited.
• C. Publicly disclose vulnerability without patch.
• D. Blame others for the vulnerability.

Answer: (A)

When you discover a security vulnerability, follow a structured response: reproduce the issue to confirm it and understand how it could be exploited; assess its severity to prioritize actions; notify the right stakeholders so everyone is aligned; patch or implement a mitigation to close the exposure; verify the fix with re-testing to ensure the vulnerability is resolved; and communicate the remediation plan and status to stakeholders, including documentation and any required disclosure. This sequence ensures the vulnerability is truly understood, addressed, and tracked to prevent recurrence.

The other options fall short because ignoring the vulnerability leaves a risk open to exploitation, publicly disclosing without a patch can expose users and violate policies or laws, and blaming others doesn’t advance a real remediation.