Sure it's acceptable - especially, if you sell the 0-day to agencies who pay a fortune for it...
On Fri, Apr 19, 2013 at 10:26 PM, <[email protected]> wrote: > VUPEN Security Research <[email protected]> wrote in > http://www.securityfocus.com/archive/1/526402 > : > > X. DISCLOSURE TIMELINE > > 2012-02-15 - Vulnerability Discovered by VUPEN > > 2013-03-06 - Vulnerability Exploited At Pwn2Own 2013 and Reported to > Adobe > > 2013-04-17 - Public disclosure > > Is a delay of a year before reporting to the vendor, acceptable? > > Thanks, Paul > > Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ > School of Mathematics and Statistics University of Sydney Australia > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD skype:rc46fi gplus.to/gregor twitter.com/#/2smart4u
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
