Pre Vulnerability Disclosure

[Barry Fawthrop <barry () isscp com>]

Hi All

Curious, what is the current recommend method to embark on a Vulnerability Disclosure research?

Company C has product P, which I would be interested in knowing the security built into the
product. As a side hobby type deal I would like to investigate the product and test it against
current security standards, and find it's vulnerabilities if any.

Obviously these will be released back to Company C with complete and full disclosure

Is there an industry standard method to perform this, or how would one enter the Vulnerability
Disclosure field?

Thank You

Barry