-- Disclosure Timeline: 2006.02.27 - Pre-existing digital Vaccine released to TippingPoint customers 2006.08.31 - Vulnerability reported to vendor 2006.12.12 - Coordinated public release of advisory
I noticed this in a vuln report for a remote code execution in JavaScript for IE. Maybe this is a mistake, but it appears that TippingPoint aka 3Com took steps to protect/secure their customers 6 months before even reporting the issue. Surely this cannot be a standard security practice. Is this what corporate 0-day purchasing has forced? Vuln Disclosure? WTF? |