...

Reasons to release early include:

  • Evidence of active exploitation
  • Vendor fails to respond, is not acting in good faith, or denies the existence of a vulnerability
  • Vulnerability is known to be discovered by adversaries, so the race to defend vulnerable systems is more focused
  • All known users have been notified and patched (usually via private channels)

Reasons to hold back release include:

  • Vendor is not ready with a fix, but is continuing to make progress and is acting in good faith
  • Vulnerabilities with severe impact, especially those affecting safety-critical or critical infrastructure
  • Cases where new information is found late in the process, for example, that there are important but previously unrecognized dependencies that alter the impact of the vulnerability or patch deployability

...