@quarkslab for instance Sleep Attack (CVE-2020-8705) initially had a 90 day disclosure timeline, but in the end took almost a year to coordinate with between Intel, the BIOS vendors and the OEMs since it required new Management Engine firmware to be deployed. https://trmm.net/Sleep_attack/
@quarkslab (but I was never asked if I would fix the problem for them... and even now I'm not sure exactly how Intel worked around the Bootguard fuse misconfiguration, so the mitigation section of my writeup is speculative)