The benefit to security of any disclosure policy tends to be inversely proportional to how loudly vendors cheer for it 
I think the new policies make a lot more sense for vendors of cloud software. The policies before were great for client software. Maybe now it's worse for client software. I believe there should be two policies tbh.
-
What difference does it make for cloud software? Patch adoption there is effectively perfect, so doesn't seem like an issue, perhaps I'm missing the point.
-
My point is under the old policy we could patch the issue and 1 hour later the entire world knows, before we've had time to investigate it. Maybe there are regulatory requirements we need to look into, maybe we want to prepare our support team with info about the issue, etc.
-
And tbh, “researcher discretion” is not clear. Anything more concrete is better than something undefined.
-
(as a vendor)
-
I seem to be missing some context here. What policy recently changed?
-
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html … Google PZ changed their policy about disclosure. I think it's better, but 90 days is still a long time. The main reason I think it's better is it removes ambiguities like "researcher discretion".
