There are ways to bury a breach disclosure other than waiting until after 3 pm on the Friday of a holiday weekend.
Brian Krebs reports:
Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.
Read more on KrebsOnSecurity.com, including the firm’s comments and responses in comments under that post.