So the new P0 policy is to disclose details only after 90 days even if vendor releases the patch after 20 days. That means people will wait for 70 days before patching because nobody tells them what the bug exactly is and if it is really worth patching 
-
-
:+) it still is about prioritising though, not active deprioritization of something that would have otherwise occurred - which is what, maybe erroneously, I've read in Stefan's tweet.
-
Ah, we're well staffed and the difference between prioritized and not is small, but I think we're the exception. I've heard gov change management horror stories, for example.
- 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
