TippingPoint s Zero Day Initiative (ZDI) will enforce a six-month deadline for patches on all vulnerabilities bought from the security research community and reported to software vendors. Microsoft, RealNetworks, Symantec, CA and Novell are among the most tardy vendors. There are about 90 vulnerabilities in the company’s queue that are more than six months old. The company may extend the deadline on a case-by-case basis if there is evidence that there are technical complications to shipping patches within that time frame.
Source: https://threatpost.com/vulnerability-broker-draws-line-disclosure-sand-080310/74290/

