Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Hence, in the case of known exploitation, it's usually best to consider disclosing what is known about the vulnerability—hopefully with some mitigation instructions—as soon as possible even if a patch is not yet available. From the vendor's standpoint, acknowledging that you're already aware of the vulnerability and are working on a fix can help restore users' confidence in your product and the process that produced it.


< 6.5 Independent Discovery | 6.7 Relationships that Go Sideways >