Disclosure
In some circumstances we will uncover vulnerabilities or design flaws, we believe and practice proper disclosure. Prior to releasing vulnerabilities to the public, we notify vendors 7 to 14 days prior to public disclosure. This gives the ability to the vendor to issue a patch or upgrade before disclosure happens.
Of course, some vendors do not like this because it shines line on their security through obscurity. We believe hiding from vulnerabilities will only leave users at risk thus properly disclosing it to the public will put pressure for quicker patches.
All Tags: CVE, Full Disclosure, SecLists, Timeline