As an industry association and standards development organization (SDO), the PDF Association considers all PDF security matters as important and strongly encourages Coordinated Vulnerability Disclosure (CVD).

However correct, secure, and robust implementation of PDF software is a matter for each software implementor. Any discovered security vulnerabilities should be responsibly reported directly to the vendor or implementor on a case-by-case basis.