§ feed · storyline

The 90-day vulnerability disclosure policy is dead, as LLMs compress bug finding and exploit development time, and critical issues must be patched immediately (Himanshu Anand)

Himanshu Anand argues that LLMs have compressed exploit development timelines enough to render the 90-day vulnerability disclosure window obsolete, requiring immediate patching of critical issues.

May 11 · 10:35:41 · primary fetch1 sourceupdated May 11 · 10:35:41

Himanshu Anand: The 90-day vulnerability disclosure policy is dead, as LLMs compress bug finding and exploit development time, and critical issues must be patched immediately — Table of Contents — story 2: 30 minutes from patch to exploit — what the industry needs to do (and I am not sugarcoating this)

read full article on techmeme.com ↗

§ sources1 publication · timeline below

techmeme.comThe 90-day vulnerability disclosure policy is dead, as LLMs compress bug finding and exploit development time, and critical issues must be patched immediately (Himanshu Anand)primary10:35:41