So the new P0 policy is to disclose details only after 90 days even if vendor releases the patch after 20 days. That means people will wait for 70 days before patching because nobody tells them what the bug exactly is and if it is really worth patching 
People are waiting already, unless they're going to wait even more, you don't consider it a problem?
-
-
No, I just don't think it's fair to say that folks will be waiting (more) *as a result of this change*. That the status of patching is an unmitigated disaster I fully agree on, hence my "for the sake of the argument" at the beginning
-
The only difference with this changes is less information. Therefore, patches that would have been prioritized with context will not be. In my opinion, that is waiting more.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
