13:30 CET, 20th January 2012 By Secunia.
In the article ‘Secunia Sets Six-Month Deadline for Vulnerability Disclosures’, Lucian Constantin discusses Secunia’s new deadline for software vendors to fix vulnerabilities reported through the Secunia Vulnerability Coordination Reward Program (SVCRP) before going public with them.
Carsten Eiram, Secunia’s Chief Security Specialist says, "It seems to be a deadline that most vendors should be able to live up to. It is important to pick a deadline that provides vendors with ample time to develop proper fixes for most cases without providing too much time to 'slack off'."
However, in situations when more time is needed to address a security problem, Secunia is willing to wait longer without disclosing the vulnerability publicly when it believes that such an extension is justified.
Representatives from Adobe and Microsoft's Trustworthy Computing Group also share their views on the new deadline.
To read the article in full, visit CIO here.
Subject: CIO: Secunia’s new vulnerability disclosure deadline