May 21, 2026
May 21, 2026
the 90 day disclosure policy is dead :: Himanshu Anand :: Threat Notes
TLDR The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world is gone. LLMs have compressed both timelines to near-zero. I have seen it first hand, and so has everyone else paying attention. This post lays out why the old model is broken, with real stories, and makes one ask to the industry: treat every critical security issue as P0 and patch it immediately.
Missing Intelligence: The Trump Administration, Iran and the US Intelligence Community | Royal United Services Institute
Despite intelligence dominance in the war with Iran, events suggest the US intelligence community is having little influence on White House decision-making.
Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran
Fast16 didn't predate Stuxnet but was contemporaneous with it. It also wasn't aimed at altering nuclear weapons but was simply feeding false data to engineers about the nuclear detonation tests they were conducting, in order to trick them into believing the tests were failing.
Don't miss what's next. Subscribe to the grugq's newsletter:
Share this email:
Add a comment: