Siderea, Sibylla BostoniensisHey cyber security peeps, is there some sort of best practice or algorithm for determining *how long* one should give a corporate entity after notifying them of a serious security issue before going public about it?
samir, actually the xkcd top hat guy@siderea I think it depends on how wary you are of corporations deciding to drag you through the courts.
If you don’t care about that, then perhaps Google Project Zero’s policy is appropriate. https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html
foldl