> > Is there an upper bound on the time-before-disclosure? > While I'm not aware of a formal policy, from my experience the VMT has done a good job of getting fixes in place ASAP. -bryan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131119/d9d56e99/attachment.html>