
Google’s Project Zero is now being more considerate with how it discloses security vulnerabilities

January 8, 2020

Via: The Verge

Google’s Project Zero cybersecurity team is trialling a new policy under which it will no longer make security vulnerabilities public early once a fix has been issued. “Full 90 days by default, regardless of when the bug is fixed,” is the team’s new policy, which it will trial for a year before deciding whether to adopt it permanently.

Under the old system, Project Zero’s researchers would give vendors 90 days to fix an issue before making the problem public. However, if a patch was issued within that 90-day window, the team would disclose the vulnerability early.
