To truly improve cybersecurity outcomes across industry, greater transparency must become a cornerstone of how the larger security community operates. When companies are transparent about vulnerabilities and exploit trends, they help customers, partners and even competitors to make smarter, faster defensive decisions.

In the Initiative for Trust and Transparency in Cybersecurity’s first op-ed: “Cybersecurity’s Trust Deficit: Why We Need Responsible Transparency,” Fortinet’s Chief Security Strategist & Global VP for Threat Intelligence, Derek Manky argues that the sector’s lack of transparency isn’t simply a reputational issue, it has real consequences for defense, incident response and the security of critical infrastructure. 

Of particular concern, Manky points to:

• The “Opacity Tax”: When vendors treat vulnerability data as proprietary information and hide security practices behind trade-secret claims, customers make decisions without the information they need. 

• “Compliance Theater”: Regulatory compliance should be the floor, not the ceiling, of vulnerability disclosure. The strongest vendors aren’t those with the fewest disclosed vulnerabilities – they’re those with the most rigorous discovery and disclosure practices. 

• Imperfect Scorecards: Scoring systems like the Common Vulnerability Scoring System (CVSS) often treat vulnerabilities as fixed threats. Context and active exploitation data are critical to properly address threats. 

Read the full op-ed in Homeland Security Today below.

READ IT HERE