CHINA TOPIX

11/02/2024 05:39:31 pm

Make CT Your Homepage

Google's Project Zero Team Adds Disclosure Grace Period

google-project-zero

Google's Project Zero is loosening its rules regarding vulnerability disclosure.

Following both Microsoft and Apple's vulnerability outings, Google's Project Zero team is offering a new "grace period" to hold off vulnerability disclosure if the technology company has confirmed a patch is incoming.

Project Zero looks into various online platforms, to make sure technology is safer for everyone. When the team spots an issue, it sends the owner a warning about the issue, and if not patched in 90 days discloses the vulnerability.

Like Us on Facebook

This is a way for Google to push all technology firms to take vulnerabilities seriously, even if no attacker has created a way to exploit the vulnerability.

Google recently got into trouble when Microsoft revealed a Windows 8 vulnerability would have been patched in the next week, but Google outed the issue anyway, potentially opening the gates to attackers.

To make sure this doesn't happen again, Google will offer a 14-day grace period, holding off from spilling the beans for a fortnight.

This should be enough time for a patch to rollout and if it's not, Google will disclose the vulnerability. It does seem like a good way for responsive companies to make sure they stay in line with Project Zero's efforts.

Google normally sends the vulnerability data in packages, sending lots of small issues that need to be amended. If some are left unchanged, Google will detail what issues were addressed and what ones still need addressing.

It seems to have worked with some of the bigger companies. Some security experts want Google to fight against more technology companies that regularly drop the ball when it comes to security and bugs.

Real Time Analytics