Google has come under fire from security experts recently for their strict adherence to a policy of publicly disclosing vulnerabilities – including publishing the exploit code – if software vendors didn’t patch those vulnerabilities within 90 days after Google reported them, regardless of circumstances.
After making public disclosures of vulnerabilities in both Microsoft and Apple software under this policy and getting a lot of backlash over the possible negative effects of making the details of vulnerabilities public to potential attackers, the company has instituted a 14 day grace period.
Read more here:
http://www.windowsecurity.com/backend/articles/blogpost/add/