Vulnerability research firm Secunia announced that vendors will have a six-month deadline to fix vulnerabilities reported through its Vulnerability Coordination Reward Programme (SVCRP) Secunia’s previous deadline had been established in 2003 and was one year. The decision to reduce it came after studying the history of the company’s vulnerability coordination efforts. Secunia is willing to wait for an additional six months without disclosing the vulnerability publicly when it believes that such an extension is justified. Every vulnerability researcher or security company has its own policy regarding vulnerability disclosure deadlines.”]