alt Hacker News> One vulnerability is still not fixed after a 90-day disclosure window that ended in October 2024. It remains unaddressed as of this publication.
curious why now. should they public it last year after 90-day disclosure window ended?
Replies
dadrian • last Thursday at 5:42 PM
The 90-day disclosure window is an arbitrary courtesy, not a binding contract about the behavior of either party. They probably had other things to do.
They can publish it whenever they want. There's no actual rules about this stuff. The 90 window is a courtesy.