Assume – you find a critical security vulnerability in your software product (through code inspection) and published a new version which contains the fix.
What are the next steps you should do. Do you let know your customer/evaluators, do you publish the security vulnerability on particular forums, are there any legal requirements …
The concern is that hackers might find out about the vulnerability before the users have had an opportunity to update their environment.
