by hazmazlaz 832 days ago
It is common for organizations to delay routine patching for some fixed period of time (allow others to be early adopters and assume the risks of negative impacts from the patch), and/or schedule patches to occur during a predetermined maintenance window.

When you make a public security disclosure coordinated with the release of a patch to fix the issue disclosed, you alert the aforementioned organizations that there is an exploitable security vulnerability present and allow them to make an educated assessment of the comparative risks of patching immediately versus waiting and potentially being exploited.

It's not a perfect system, but transparency is the best compromise possible and allows everyone to make an educated choice. All other options have greater downsides.