It’s been a half decade since we last updated our disclosure policy and it’s time for us to iterate on our policy again. As we detailed in our previous post, while there is inherit value to our subscription customers to maximize our 0-day shelf life… empirically, we can state that such vulnerabilities can go unpatched for inordinately long times and it is in the best interest of the community at large to keep vendors informed. As of the time of this writing we have adopted the following simple disclosure policy.
This policy applies to both internally generated research as well as any research acquired through our Research Sponsorship Program (RSP), an effort we maintain to crowd source both 0-day and n-day research from individual contributors around the globe.
If you’re interested in learning more about our our subscriptions, we welcome you to reach out to us at [email protected].