A majority 32% of security professionals polled believe 60 days is a reasonable time for allowing a software supplier to fix a vulnerability before full public disclosure

https://www.computerweekly.com/news/252440691/Majority-security-pros-favour-shorter-disclosure-deadline