Collocations: Security Vulnerability Communication
Practice the key verb+noun collocations used when reporting, triaging, patching, and disclosing security vulnerabilities in English.
0 / 5 completed
1 / 5
Fill in: 'The researcher used the security@ email to ___ a vulnerability in the authentication module.'
We 'report a vulnerability' — 'report' is the standard first step when a researcher contacts a vendor about a security issue. 'Disclose' is the later, public-facing action; 'flag' is informal; 'submit' collocates with forms or bugs, not vulnerabilities specifically.
2 / 5
Fill in: 'The security team will ___ every incoming CVE to determine severity and affected systems.'
We 'triage a CVE' — 'triage' is the security-standard collocation for quickly prioritising vulnerabilities by risk. 'Assess' implies a deeper technical evaluation; 'review' is too general; 'classify' focuses on categorisation, not urgency.
3 / 5
Fill in: 'Engineering has 48 hours to ___ the critical security flaw identified in last night's scan.'
We 'patch a security flaw' — 'patch' is the precise technical collocation for applying a code-level fix to a vulnerability. 'Fix' is correct but generic; 'remediate a flaw' is also used but more formal; 'address' is vague and does not imply a code change.
4 / 5
Fill in: 'We follow a 90-day window to allow vendors to fix issues before we ___ responsibly.'
We 'disclose responsibly' — 'responsible disclosure' is the established security collocation for the coordinated process of informing the public after a fix is available. 'Publish' is the action, not the policy; 'announce' is marketing language; 'reveal' implies a surprise.
5 / 5
Fill in: 'The CISO asked us to ___ the impact of the data breach before making any public statement.'
We 'assess impact' — 'assess' is the security-standard collocation for determining the scope and severity of a breach. 'Measure impact' implies quantification; 'evaluate' is broader and strategic; 'calculate' is mathematical and implies precise numeric output.