if you think 90 days is too short to develop a security fix what is your plan if there's an actively exploited security bug in your product where you have to deliver a fix within hours...
-
-
sure, I don't want people to rush fixes in 2 hours if there's no need to rush. but there should be a reasonable balance. if you can't deploy a good fix in 90 days I don't believe that you can deploy any fix in 2 hours.
-
The
@certcc splits the difference at 45 days. Whether it's an ideal compromise is yet to be determined.
End of conversation
New conversation -
-
-
My experience is that the company prioritizes marketing and new features over fixing security issues. About to hit five months on this one :(
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
You'll find that the overwhelming majority of managers prefer inaction to blame.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.