Most security bugs get fixed without any public notice. Unless there was any breach of customer information (and that can be often verified), there are typically no legal requirements. And there's no real benefit to doing it either. Why would you expect it to happen?

▲

smarx007 6 days ago | parent | next [-]

> there are typically no legal requirements

Not after EU CRA https://en.m.wikipedia.org/wiki/Cyber_Resilience_Act goes into effect

▲

singleshot_ 6 days ago | parent | prev | next [-]

> Unless there was any breach of customer information (and that can be often verified), there are typically no legal requirements.

If the company is regulated by the SEC I believe you will find that any “material” breach is reportable after the determination of materiality is reached, since at least 2023.

▲

viraptor 6 days ago | parent [-]

Sure. And these types of "we fixed it and confirmed nobody actually exploited it" issues are not always treated as material. You can confirm that for example by checking SEC reports for each cve in commercial VPN gateways... or lack of.

	▲	5 days ago \| parent [-]
		[deleted]

▲

wredcoll 6 days ago | parent | prev | next [-]

The benefit, apparently, is that people like this guy don't cancel their memberships.

	▲	viraptor 6 days ago \| parent [-]
		And how many would cancel is they published every security issue they fixed?

▲

6 days ago | parent | prev [-]

[deleted]