That may be unduly pessimistic, but it is equally too optimistic to assume that a vulnerability does not exist until it is disclosed. So better to give both date ranges - the true period of vulnerability will lie somewhere between the two.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds