Open pombredanne opened 4 years ago
ossf/wg-vulnerability-disclosures#18 there is this data sheet linked: https://docs.google.com/spreadsheets/d/1yr72lUOGOwUMbpVg9g-ET8L531_Yec0oqFbr88Gs8tQ/edit?usp=sharing It basically tells how long it takes for a vulnerability made public on HackerOne to be registered at the NVD and receive a proper CVE e.g. "Days CVE Disclosed after H1 Disclosed"
See https://hackerone.com/reports/274267 for example