Facebook Debuts Third-Party Vulnerability Disclosure Policy
If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.
4 Sep 2020 ... For instance, if Facebook determines that disclosing a security vulnerability sooner “serves to benefit the public or the potentially impacted people ...