
Comment by spijdar

4 years ago

Oh, I 100% agree. The companies are more than capable of preparing fixes in that time. I meant from the perspective of the end user businesses, even if they prioritize the patches (which isn't a given) these vendors take ages to fix anything.

And I mean, that's a part of why you release these vulnerabilities publicly anyway, to pressure them into fixing their crap. I just worry a bit that if the window is too small, they'll just shrug their shoulders and put out a PR piece about how the vuln isn't actually that big a deal or something.