Comment Re:Disclosure Process (Score 1) 73
Yes, there is a semi-secret mailing list of organizations that are informed of CVEs before public disclosure.
It's called responsible disclosure, and security researchers have done this since the last century. When a vulnerability is discovered, the software's maintainers are given advance notice to develop a patch before the vulnerability is made public. I'm not aware that there's any master list of entities that get notified about every vulnerability whether it belongs to them or not.