When the AppCheck research team identifies a vulnerability in another vendors product, the following steps are taken:
AppCheck provides a detailed technical write-up to the vendors security team or appropriate contact.
AppCheck will work with the vendor to provide further assistance in recreating the vulnerability and its associated impact.
In keeping with industry standard, AppCheck will publish an advisory once a remediation is made public by the vendor. This advisory will typically be published within the same week as the vendors own publication, however in some cases AppCheck may limit the technical information provided in the advisory for up to 30 days if requested by the vendor.
In the event the vendor does not respond and/or offer a fix for the vulnerability, AppCheck will release an advisory 90 days following the first contact barring extenuating circumstances.