Google backs off (somewhat) on Project Zero policy

By /

Google has come under fire from security experts recently for their strict adherence to a policy of publicly disclosing vulnerabilities – including publishing the exploit code – if software vendors didn’t patch those vulnerabilities within 90 days after Google reported them, regardless of circumstances.

After making public disclosures of vulnerabilities in both Microsoft and Apple software under this policy and getting a lot of backlash over the possible negative effects of making the details of vulnerabilities public to potential attackers, the company has instituted a 14 day grace period.

Read more here:
http://www.windowsecurity.com/backend/articles/blogpost/add/

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Static vs Dynamic IP Address

Static vs Dynamic IP Address

Most people are familiar with Internet Protocol (IP) Addresses, but many people don’t know you have 2 types. In this article, you’ll learn about static…

Read More »

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top