Research firm Secunia recently announced that software vendors will be given six months to fix vulnerabilites reported through the Secunia Vulnerability Coordination Reward Program (SVCRP).
"Secunia's previous deadline had been established in 2003 and was one year," writes Computerworld's Lucian Constantin. "The decision to reduce it came after studying the history of the company's vulnerability coordination efforts."
"The new deadline is similar to what other security firms currently enforce," Constantin writes. "For example, Hewlett-Packard subsidiary TippingPoint, which runs the well known Zero Day Initiative (ZDI) program, has had a six-month deadline for fixing vulnerabilities reported to vendors since the beginning of last year."
Go to "Secunia sets six-month deadline for vulnerability disclosures" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.