If Yahoo or Google discovers a security flaw in software and the software vendor doesn't patch it within 90 days, too bad - the policy is to release the information to the public. This approach has both positive and negative consequences. Advocates say this forces software vendors to take action in a more timely manner. Detractors say it gives attackers information they can use to exploit the vulnerability.
Find out more here: