Google backs off (somewhat) on Project Zero policy

Google has come under fire from security experts recently for their strict adherence to a policy of publicly disclosing vulnerabilities – including publishing the exploit code – if software vendors didn’t patch those vulnerabilities within 90 days after Google reported them, regardless of circumstances.

After making public disclosures of vulnerabilities in both Microsoft and Apple software under this policy and getting a lot of backlash over the possible negative effects of making the details of vulnerabilities public to potential attackers, the company has instituted a 14 day grace period.

Read more here:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top