Tenable CEO cites reports from several cybersecurity firms that indicate Microsoft is not being timely enough with its vulnerability disclosures and sometimes has a "dismissive" attitude.
New vulnerability disclosure rules announced by the Chinese government have raised the prospect of "zero-day hoarding," as anything discovered in the country must now, in most cases, be reported to the CCP and to no one else.
The proposed EU Cyber Resilience Act includes a vulnerability disclosure requirement that would have all manufacturers report to the government within 24 hours of first discovered exploitation. In most cases, this would mean disclosing before the vulnerability has been mitigated.