Secunia Research strongly believes that coordinated disclosure is the best approach to properly and efficiently address a vulnerability and thus protect a vendor's customers. However, software vendors too often deliberately fail to respond to vulnerability reports, don't respect the valuable work done by the researcher, or simply take too long to develop fixes, thus leaving their customers exposed for an irresponsibly long period of time.
Based on years of experience with vendors of various sizes, with various approaches and attitudes towards fixing vulnerabilities, Secunia Research has decided upon the following disclosure policy, which we find to be a reasonable "match" between a fair amount of engineering and quality assurance effort and the need to provide a timely fix for vulnerabilities: