Fair enough, but that can be countered by very minimal disclosure in the beginning, just that a vulnerability exists and it has been notified.
Even if we don't do that, I think we should at least reveal the issue after it's been fixed in all the cases so that other entities can learn from that.
Even if we don't do that, I think we should at least reveal the issue after it's been fixed in all the cases so that other entities can learn from that.