Google Relaxes Project Zero Bug Disclosure Policy - MacRumors
Skip to Content

Google Relaxes Project Zero Bug Disclosure Policy

by

googlesearchGoogle's security team Project Zero recently announced some changes to its bug disclosure policy after controversially exposing Apple and Microsoft security flaws when the companies failed to meet the 90-day deadline. The new disclosure deadline has a 14-day grace period and excludes weekends and public holidays, providing tech companies with more time to properly address security vulnerabilities in their software.

"We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."

Project Zero is a security team consisting of experienced programmers that look through the code of Google and several of its competitors to discover security flaws, like those uncovered in OS X Yosemite back in January. The team immediately discloses any vulnerabilities found to vendors, providing them with a 90-day deadline to release a software patch before sharing the vulnerabilities with the public.

The role of Google playing security watchdog for other companies has been the subject of much debate, with some believing that the company has a disingenuous agenda and others claiming that it is taking appropriate action. Google claims that it holds itself to the same 90-day policy it enforces on other tech companies, with bugs in the pipeline for Chrome and Android that are subject to the same deadline policy.

Tags: Google, Project Zero

Popular Stories

google gemini

Apple Can Create Smaller On-Device AI Models From Google's Gemini

Wednesday March 25, 2026 9:53 am PDT by
Apple has full access to Gemini to customize the model for Siri and other AI features, reports The Information. Google gave Apple "complete access" to the Gemini model in its own data centers, and Apple can use the access for distillation, or creating smaller models for specific tasks. Apple is able to design models that are built to run on Apple devices without the need to connect to the...
Read Full Article85 comments
Chrome Feature 22

Google Claims Android Is Now Faster Than iPhone for Web Browsing

Wednesday March 25, 2026 10:00 am PDT by
Google today said that Android has set a new record for mobile web performance, making it the fastest mobile platform for web browsing. The newest Android devices have set new records on web performance benchmarks like Speedometer and LoadLine, which Google attributes to "deep vertical integration across hardware, the Android OS, and the Chrome engine." Speedometer simulates real-world...
Read Full Article150 comments
google gemini

Google Launches Gemini Import Tool for Switching From ChatGPT, Claude, and Other AI Apps

Thursday March 26, 2026 3:58 pm PDT by
Google is adding a new memory import feature to Gemini, making it easier for customers to switch to Gemini AI from another AI service. Users can import memories, context, and chat history from other AI apps. Importing memory will provide Gemini with an understanding of a user's preferences, relationships, and personal context. Google says that Gemini will understand the same key facts that...
Read Full Article21 comments

Top Rated Comments

viorelgn Avatar
viorelgn
146 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.
Score: 44 Votes (Like | Disagree)
sualpine Avatar
sualpine
146 months ago
Oh gee, Google, thanks. Thank you so much for being less of an ass trying to audit every single other company's software, except for your own. Has the Lollipop memory leak been fixed yet? Where is 5.0.3?
Score: 30 Votes (Like | Disagree)
K
kuwxman
146 months ago
The normal Google haters in here ignoring that them doing this is a good thing for everyone...
Score: 22 Votes (Like | Disagree)
Musocat Avatar
Musocat
146 months ago
What a bunch of assbags.
Score: 22 Votes (Like | Disagree)
marzer Avatar
marzer
146 months ago
I don't see how this could be a bad thing. It's not like they are finding bogus issues, it's all been legitimate vulnerabilities. If Apple and MS were against it, they could step up their own internal efforts to find and fix vulnerabilities before a third party can expose them. I think this is a really good thing for users. It's a really good thing for security.
Score: 15 Votes (Like | Disagree)
T
till213
146 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.

I couldn't give less than a rat's ass for whatever reasons Google digs out security issues with their competitor's products. Someone does it. Security issues get fixed (or not). That's all that counts.

If Google doesn't reveal those issues, chances are that they go unnoticed by the good guys - but the bad guys are already exploiting them, so making security issues public after a grace period makes the world a better place.

It's that simple.
Score: 12 Votes (Like | Disagree)
Read All Comments