I'm having a discussion with a vendor, maybe you can help me out. What's the goal of a security advisory?

As such, when should a security advisory be published?


To make this clear: this is about security advisories as published by the vendor. Just assuming that the researcher went for coordinated disclosure or no disclosure at all.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.