Our vulnerability disclosure policy aims to achieve 2 things. Ensure vendors are given a reasonable amount of time to address reported issues and to provide affected users with actionable vulnerability information.