You can now find Cyber Kendra on Google News | Telegram

Google Project Zero Extend its Bug Disclosure Period

Google Project Zero will wait 30 days before disclosing technical details about the vulnerabilities fixed within 90 days.

The Google Project Zero team has updated their vulnerability disclosure policies, continuing to make improvements to better address new issues as the security community grows.

According to the updated policies, Google Project Zero will wait 30 days before disclosing technical details about a vulnerability that was patched within a 90-day or seven-day (for zero-day vulnerabilities) time frame. This additional time will allow more users to install the hotfix.

Previously, researchers from Google Project Zero published details about the vulnerabilities they discovered 90 days after notifying the manufacturer of the vulnerable software, regardless of whether he had time to release a fix. However, vulnerabilities not fixed within 90 (7) days will continue to be disclosed as before.

Last year, the Google Project Zero team began updating their vulnerability disclosure policy with a focus on faster, more thorough patch deployment and more efficient implementation. However, her first attempt to achieve these goals yielded mixed results.

“In practice, however, we have not seen a significant shift in the patch development timeline and continued to receive feedback from vendors that they are concerned about publicly disclosing technical details about vulnerabilities and exploits before most users install the patch. In other words, the estimated timeline for implementing the fix was not clearly understood, ”the team explained.

In 2021, Google Project Zero decided to make the "patch distribution schedule an explicit part of the vulnerability disclosure policy" by granting an additional 30 days. Google considers the new 90 + 30 policy a "small retreat" in terms of quick technical disclosure, but plans to continue to "gradually reduce development and patching times."

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.