Vulnerability disclosure is an interaction between security researchers and the organizations responsible for a piece of software or hardware, with the goal of finding and fixing security flaws before attackers can exploit them. Researchers often work independently and have varied motivations: building a relationship with a vendor, earning a bug bounty, or gaining public recognition for the finding. The vendor, for its part, has to manage the disclosure carefully: triage and reproduce the report, develop and ship a patch, notify customers, and handle any public or media communication.

A clearly defined Vulnerability Disclosure Program (VDP) makes this manageable. It gives researchers a sanctioned way to report attack vectors the vendor did not anticipate, and it sets expectations on both sides, which reduces conflict. The practical ingredients are a published point of contact and reporting method (for example a security.txt file or a dedicated security mailbox), responsive communication with the reporter, a stated timeline for fixes, and timely security advisories once a patch is available.

Researchers, in turn, should make sure their testing stays within the law and the program's stated scope, write reports that are detailed and reproducible (affected versions, steps to trigger the issue, impact), and avoid demanding payment outside an established bug bounty program.

As software stacks grow more complex, the value of coordinated disclosure increases: each disclosed and patched flaw is one fewer path to a breach that could disrupt operations and damage reputations. The JFrog security research team contributes to this effort through automated analysis of software components and coordinated disclosure of the vulnerabilities it finds.