Reporting Transparency
This page tracks vulnerability disclosures following a 90-day deadline policy, inspired by P0.
Disclosure Policy
- A 90-day deadline is set from the date a vulnerability is reported.
- If a fix is released before the deadline, disclosure may happen 30 days after the patch.
- If the deadline expires without a fix, details may be publicly disclosed regardless of the fix status.
- Disclosures may be delayed for exceptional circumstances such as coordinated multi-party disclosure.
Active Reports
Vulnerabilities currently within the 90-day disclosure window:
| Reference | Vendor | Product | Reported | Deadline |
|---|---|---|---|---|
| - | - | - | - | - |
Nothing to display yet.
Fixed Vulnerabilities
Vulnerabilities that have been patched by the vendor:
| Reference | Vendor | Product | Reported | Fixed | Fix Time | CVE |
|---|---|---|---|---|---|---|
| - | - | - | - | - | - | - |
Nothing to display yet.
Deadline Exceeded
Vulnerabilities where the 90-day deadline expired without a fix:
| Reference | Vendor | Product | Reported | Deadline | CVE |
|---|---|---|---|---|---|
| - | - | - | - | - | - |
Nothing to display yet.
Notes
- Fix Time: Days between the report and the vendor’s patch.
- Reference: Internal tracking ID or link to the advisory/write-up.
I will update this page as vulnerabilities are reported and resolved although it may not be updated frequently.