Google Relaxes Project Zero Bug Disclosure Policy

googlesearchGoogle's security team Project Zero recently announced some changes to its bug disclosure policy after controversially exposing Apple and Microsoft security flaws when the companies failed to meet the 90-day deadline. The new disclosure deadline has a 14-day grace period and excludes weekends and public holidays, providing tech companies with more time to properly address security vulnerabilities in their software.

"We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."

Project Zero is a security team consisting of experienced programmers that look through the code of Google and several of its competitors to discover security flaws, like those uncovered in OS X Yosemite back in January. The team immediately discloses any vulnerabilities found to vendors, providing them with a 90-day deadline to release a software patch before sharing the vulnerabilities with the public.

The role of Google playing security watchdog for other companies has been the subject of much debate, with some believing that the company has a disingenuous agenda and others claiming that it is taking appropriate action. Google claims that it holds itself to the same 90-day policy it enforces on other tech companies, with bugs in the pipeline for Chrome and Android that are subject to the same deadline policy.

Top Rated Comments

viorelgn Avatar
96 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.
Score: 44 Votes (Like | Disagree)
sualpine Avatar
96 months ago
Oh gee, Google, thanks. Thank you so much for being less of an ass trying to audit every single other company's software, except for your own. Has the Lollipop memory leak been fixed yet? Where is 5.0.3?
Score: 30 Votes (Like | Disagree)
kuwxman Avatar
96 months ago
The normal Google haters in here ignoring that them doing this is a good thing for everyone...
Score: 22 Votes (Like | Disagree)
Musocat Avatar
96 months ago
What a bunch of assbags.
Score: 22 Votes (Like | Disagree)
marzer Avatar
96 months ago
I don't see how this could be a bad thing. It's not like they are finding bogus issues, it's all been legitimate vulnerabilities. If Apple and MS were against it, they could step up their own internal efforts to find and fix vulnerabilities before a third party can expose them. I think this is a really good thing for users. It's a really good thing for security.
Score: 15 Votes (Like | Disagree)
till213 Avatar
96 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.

I couldn't give less than a rat's ass for whatever reasons Google digs out security issues with their competitor's products. Someone does it. Security issues get fixed (or not). That's all that counts.

If Google doesn't reveal those issues, chances are that they go unnoticed by the good guys - but the bad guys are already exploiting them, so making security issues public after a grace period makes the world a better place.

It's that simple.
Score: 12 Votes (Like | Disagree)

Popular Stories

airpods pro 2 1

AirPods Pro 2 No Longer Expected to Feature Built-In Heart Rate or Body Temperature Sensor

Sunday July 3, 2022 8:07 pm PDT by
While past rumors have indicated the upcoming second-generation AirPods Pro will feature a built-in heart rate and body temperature sensor, Bloomberg's Mark Gurman has cast doubt on those rumors turning out to be true, saying instead such a feature is unlikely to come anytime soon. "Over the past few months, there have been rumors about this year's model gaining the ability to determine a...
Apple Watch 8 Unreleased Feature Thumb

Apple Watch Series 8 Model Rumored to Feature 5% Larger Display

Monday July 4, 2022 5:50 am PDT by
Apple is working on an Apple Watch Series 8 model with a larger display, according to DSCC's Ross Young and Haitong International Securities's Jeff Pu. In October last year, Young suggested that the Apple Watch Series 8 could come in three display sizes. Now, responding to a query about the rumor on Twitter, Young claims that the additional display size joining the Apple Watch lineup will be ...
intel go pc justin long

Windows Laptop Makers 'Worried' About New MacBook Air Impacting Sales

Tuesday July 5, 2022 6:57 am PDT by
The upcoming launch of Apple's redesigned MacBook Air with the M2 chip has some Windows laptop manufacturers "worried" that sales of Intel-based laptops will be negatively affected, according to industry sources cited by DigiTimes. "A Wintel brand vendor pointed out that at a price point of US$1,000-$1,500, the MacBook Air will crowd out other high-end notebooks," the report claims, with...
European Commisssion

EU Approves Landmark Legislation to Regulate Apple and Other Big Tech Firms

Tuesday July 5, 2022 5:53 am PDT by
European Union lawmakers have approved landmark legislation to heavily regulate Apple, Google, Meta, and other big tech firms. The Digital Markets Act (DMA) and Digital Services Act (DSA) were proposed by the European Commission in December 2020. Now, collected in a "Digital Services Package," the legislation has been formally adopted by the European Parliament and seeks to address...
macbook air m2 order date feature

Apple Announces MacBook Air With M2 Chip Available to Order Starting July 8, Launches July 15

Wednesday July 6, 2022 4:59 am PDT by
Apple today announced that the new MacBook Air equipped with the M2 chip will be available to order starting Friday, July 8 at 5 a.m. Pacific Time. Apple said deliveries to customers and in-store availability will begin Friday, July 15. MacRumors exclusively reported that Apple planned to launch the new MacBook Air on July 15, and the date has now been confirmed by Apple. Customers will be...
top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Lockdown Mode Feature

Apple Announces New Lockdown Mode on iOS 16 With 'Extreme' Level of Security

Wednesday July 6, 2022 10:00 am PDT by
Apple today announced a new Lockdown Mode coming to the iPhone, iPad, and Mac with iOS 16, iPadOS 16, and macOS Ventura. Apple says the optional security feature is designed to protect the "very small number" of users who may be at risk of "highly targeted cyberattacks" from private companies developing state-sponsored spyware, such as journalists, activists, and government employees. Apple...
siri remote 3

Apple Releases Firmware Update for Apple TV Siri Remote

Tuesday July 5, 2022 12:10 pm PDT by
Apple today released new firmware for the Siri Remote designed for the Apple TV, updating the software from version 9M6772 to 10M1103. The software is for the redesigned Siri Remote that was released in May 2021, aka the gray remote with the updated interface. In the Apple TV settings, the new firmware will display as 0x0070, up from 0x0061. There is no word on what's new with the Apple TV...