The 90-day vulnerability disclosure policy is dead, as LLMs compress bug finding and exploit development time, and critical issues must be patched immediately
Table of Contents — story 2: 30 minutes from patch to exploit — what the industry needs to do (and I am not sugarcoating this)
Himanshu Anand
Related Coverage
- Dirty Frag: Universal Linux LPE V4bel on GitHub
- New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited In Attacks SecurityWeek · Eduard Kovacs
- The 90 Day disclosure policy is dead Hacker News
- the 90 day disclosure policy is dead Lobsters
- It's a bit hard to reconcile “LLMs are useless snake oil” with “LLMs have killed the 90-day disclosure window”. — https://blog.himanshuanand.com/ ... @ceejbot@toot.cat · C J Silverio
- Dirty Frag: Linux kernel hit by second major security flaw in two weeks The Record · Alexander Martin
- New ‘Dirty Frag’ exploit targets Linux kernel for root access CSO · Shweta Sharma
- AI turns patches into working exploits in 30 minutes, and the 90-day disclosure window is the casualty The Decoder · Maximilian Schreiner
- Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet ZDNET · Steven Vaughan-Nichols
- Linux bitten by second severe vulnerability in as many weeks Ars Technica · Dan Goodin
Discussion
- r/netsec on reddit: The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.
- Michael Larabel (Phoronix) on x: Linux 7.0.6 Released To Finish Mitigating the Dirty Frag Vulnerability
- Russ Cox (@swtch.com) on bluesky: “Your monthly maintenance window is not a safety margin. It is an attack window.” — blog.himanshuanand.com/2026/05/the- ...
- Kevin Riggle (@kevinr.free-dissociation.com) on bluesky: Another major Linux local root exploit just dropped. (Embargo was broken so we're still waiting on patches to land in the mainline kernel, let alone with distros) — github.com/V4bel/dirtyf...
- Nicolas Krassas (@dinosn) on x: The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice. https://blog.himanshuanand.com/ ...