The policy basically gives the vendor 5 working days to respond to the originator of the problem.
If no contact is made by the vendor to the originator in 5 days, the issue is recommended to be disclosed to the general community. The originator should help the vendor to reproduce the problem, and to work out a fix. The originator should delay notifying the general community about the problem if the vendor provides feasible reasons for requiring so.
If the vendor fails to respond or shuts down communication with the originator of the problem in more than 5 days, the originator should disclose the issue to the general community. The vendor should give the originator proper credits about reporting the bug, when issuing an alert / fix.
External links: