The type of disclosure process in which a new bug is first reported to the vendor is known as:

The correct answer is responsible disclosure. This process involves an individual or organization notifying a vendor about a security bug or vulnerability before publicly disclosing the details. The goal is to allow the vendor sufficient time to develop and implement a fix, thereby protecting the users from potential exploitation. Responsible disclosure promotes cooperation between security researchers and vendors, fostering a secure environment for users.

In this approach, the emphasis is on maintaining confidentiality until the vendor has addressed the issue, ultimately enhancing software security. This practice contrasts with full disclosure, where details of the vulnerabilities are made publicly available immediately after discovery, potentially putting users at risk before a fix has been issued. Market disclosure and the other options don't align with the typical practices seen in cybersecurity regarding how vulnerabilities are reported and managed.