by rshnotsecure 2161 days ago
OpenSSL recently passed a change in their vuln announcement policy to give a major firm, which everyone here knows I think, 7 days' advance notice of any zero-day that they were made aware of.

This was the engineer who helped set up the new policy: https://awe.com

To be honest, maybe it's a good idea. It depends on how much support Huawei is willing to give OpenSSL.

2 comments

In case anyone is curious:

> The OMC voted this week to update our security policy [1] to include the option of us giving prenotification to companies with which we have a commercial relationship. (Edited to clarify: the vote was to allow notification to our Premium Support customers and this does not include lower support levels, sponsors, or GitHub sponsors.)

* https://www.openssl.org/blog/blog/2020/05/12/security-prenot...

* https://www.openssl.org/support/contracts.html#premium

So, being realistic here, that means the Chinese government is given 7 days' advance notice?