The 90 Day disclosure policy is dead
Summary
The article argues that the traditional 90-day vulnerability disclosure window is obsolete in an era of AI-assisted bug hunting and rapid exploit development. It uses examples like Copy Fail and Dirty Frag to illustrate how quickly patches can be exploited and urges real-time, AI-driven defensive practices and immediate remediation for critical issues.