Google's Project Zero is testing new vulnerability disclosure procedures

The vulnerability-finding Project Zero has found Google on the end of both criticism and praise, but there has long been concern about the policy of being very quick to reveal details of vulnerabilities that have been discovered. Previously Project Zero has given software developers a 90-day window of opportunity to fix bugs before it goes public. Details of vulnerabilities would also be published as soon as a fix was released. For 2020, Google is trying something new. The company will wait a full 90 days before disclosing a vulnerability, regardless of when the bug is fixed. For some developers and… [Continue Reading]