by depierre 426 days ago
It's really about striking a balance: giving vendors a fair chance to patch, while also not leaving users in the dark indefinitely. That's also why the 90-day disclosure policy has become common in the industry (e.g., Google's Project Zero). I've had cases where I tried reaching out via email, LinkedIn, Twitter, you name it, and got radio silence for months and months. Then, when you make the difficult decision to go public, the vendor finally reacts... That sudden urgency only shows up when there's a bit of spotlight.