Today is day 91, so the issue is now public. I consider this relatively low severity, but you could take down an entire Windows fleet relatively easily, so it's worth being aware of. https://bugs.chromium.org/p/project-zero/issues/detail?id=1804 …
-
-
Three months is a very generous amount of time to develop and deploy a patch. If your vendor claims otherwise, then what are they going to do when a 0day is found in the wild? Ask the hackers for a 14 day grace extension?

-
So re https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html?m=1 … If you reported on 27 Feb, and patched 1 Mar, and disclosed 7 Mar, then it either took Google just shy of 90 days to release a patch (knowing it was being exploited in the wild), or you gave MS like 2 weeks to fix. Either way...
- 1 more reply
New conversation -
-
-
Fair call, thanks for clarifying.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.