Google Announces Change to Company's Project Zero Bug Disclosure Policy

Recently, Changes to Google's bug disclosure policy were announced by the company's Project Zero security team. This comes as the Apple and Microsoft security flaws were exposed when they did not meet the 90 day deadline. Google's security team, Project Zero looks for the security flaws through the code of Google and other competitors. If any vulnerabilities are found, the team then notifies the flaws to vendors immediately giving them a 90 day deadline to provide a software patch. A fix can be made before the vulnerabilities get exposed to the public.

The new deadline given to them is a 14 day grace period that does not include weekends or public holidays. This is so that companise will have enough time to address the issue and come up with software fix to vulnerability.

According to the Project Zero, The giant tech company  noted that they have always played by the same rules even though it is their own tech team working on issues. This means that prior to the policy change, Google too had a 90 day deadline just like other companies. They proposed that Android and Chrome had to meet the same deadline policies as well.

Share on Google Plus