This ENISA study primarily aims to draw a comprehensive overview of the background and current state of play of coordinated vulnerability disclosure (CVD) practices across the EU Member States and outside the EU. First, the study presents a summary of the existing or planned national CVD policy initiatives along with good practices, challenges and recommendations on policy attempts. Second, the study offers an analysis of national, regional and global vulnerability databases, and presents the different practices on vulnerability and registry management along with the formats, metrics and procedures used in these databases.