Google Relaxes Project Zero Bug Disclosure Policy

googlesearchGoogle's security team Project Zero recently announced some changes to its bug disclosure policy after controversially exposing Apple and Microsoft security flaws when the companies failed to meet the 90-day deadline. The new disclosure deadline has a 14-day grace period and excludes weekends and public holidays, providing tech companies with more time to properly address security vulnerabilities in their software.

"We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."

Project Zero is a security team consisting of experienced programmers that look through the code of Google and several of its competitors to discover security flaws, like those uncovered in OS X Yosemite back in January. The team immediately discloses any vulnerabilities found to vendors, providing them with a 90-day deadline to release a software patch before sharing the vulnerabilities with the public.

The role of Google playing security watchdog for other companies has been the subject of much debate, with some believing that the company has a disingenuous agenda and others claiming that it is taking appropriate action. Google claims that it holds itself to the same 90-day policy it enforces on other tech companies, with bugs in the pipeline for Chrome and Android that are subject to the same deadline policy.

Popular Stories

Beyond iPhone 13 Better Blue Face ID Single Camera Hole

10 Reasons to Wait for Next Year's iPhone 17

Friday September 13, 2024 2:40 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different – already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
Generic iOS 18 Feature Real Mock

Apple Shares Full List of Over 250 New Features and Changes Coming With iOS 18

Wednesday September 11, 2024 7:16 am PDT by
Following its iPhone 16 event on Monday, Apple shared a PDF on its website with a list of all new features and changes coming with iOS 18. The list includes many features that were already announced, including Apple Intelligence, new customization options for the Home Screen and Control Center, a redesigned Photos app, several enhancements to the Messages app, a Passwords app, and more....
iphone 16 pro models 1

Skipping the iPhone 16 Pro? Here's What's Rumored for iPhone 17 Pro

Wednesday September 11, 2024 8:20 am PDT by
Will you be skipping the iPhone 16 Pro and waiting another year to upgrade? If so, we already have some iPhone 17 Pro rumors for you. Below, we recap key new features rumored for the iPhone 17 Pro models so far: 24MP front camera for all iPhone 17 models: All four iPhone 17 models will feature an upgraded 24-megapixel front-facing camera, according to Apple supply chain analysts Ming-Chi...
iphone 16 pro colors 1

Here's When iPhone 16 Pre-Orders Begin in Every Time Zone

Thursday September 12, 2024 6:12 am PDT by
Pre-orders for the iPhone 16, ‌iPhone 16‌ Plus, iPhone 16 Pro, and ‌iPhone 16 Pro‌ Max are set to begin on Friday, September 13 at 5:00 a.m. Pacific Time, with the new devices set to become available in multiple countries around the world simultaneously. We've compiled pre-order times for various countries to help MacRumors readers be among the first to order. This list isn't...
iphone 16 pro apple intelligence

iPhone 16 Pro and Pro Max Shipping Estimates Extending Into October

Friday September 13, 2024 5:48 am PDT by
Apple began accepting pre-orders for all four new iPhone 16 models today, and shipping estimates for the iPhone 16 Pro and Pro Max on Apple's online store in the U.S. are already beginning to slip into October for many configurations. As of 6:45 a.m. Pacific Time, the iPhone 16 Pro and Pro Max were facing a 2-4 week shipping delay for some configurations on Apple's online store, with...
iphone 16 pro apple intelligence

Apple Intelligence Features Expected to Roll Out in This Order Between iOS 18.1 and iOS 18.4

Friday September 13, 2024 1:01 pm PDT by
iOS 18 will be released to the public on Monday, but the first Apple Intelligence features will not be available until iOS 18.1 is released in October. Apple Intelligence features will continue to roll out in iOS 18.2 and beyond, with the expected roadmap outlined below per Apple's website and rumors. Apple Intelligence requires an iPhone 15 Pro model or any iPhone 16 model, and it will...
Generic iOS 18 Feature Real Mock

iOS 18 Available Tomorrow With These 8 New Features For Your iPhone

Sunday September 15, 2024 10:09 am PDT by
Following over three months of beta testing, iOS 18 will finally be widely released to the public this Monday, September 16. The update should be available to install tomorrow starting at around 10 a.m. Pacific Time (1 p.m. Eastern Time) in the Settings app under General → Software Update on the iPhone XS and newer. Below, we have highlighted eight key new features included in iOS 18, and...

Top Rated Comments

viorelgn Avatar
125 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.
Score: 44 Votes (Like | Disagree)
sualpine Avatar
125 months ago
Oh gee, Google, thanks. Thank you so much for being less of an ass trying to audit every single other company's software, except for your own. Has the Lollipop memory leak been fixed yet? Where is 5.0.3?
Score: 30 Votes (Like | Disagree)
kuwxman Avatar
125 months ago
The normal Google haters in here ignoring that them doing this is a good thing for everyone...
Score: 22 Votes (Like | Disagree)
Musocat Avatar
125 months ago
What a bunch of assbags.
Score: 22 Votes (Like | Disagree)
marzer Avatar
125 months ago
I don't see how this could be a bad thing. It's not like they are finding bogus issues, it's all been legitimate vulnerabilities. If Apple and MS were against it, they could step up their own internal efforts to find and fix vulnerabilities before a third party can expose them. I think this is a really good thing for users. It's a really good thing for security.
Score: 15 Votes (Like | Disagree)
till213 Avatar
125 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.

I couldn't give less than a rat's ass for whatever reasons Google digs out security issues with their competitor's products. Someone does it. Security issues get fixed (or not). That's all that counts.

If Google doesn't reveal those issues, chances are that they go unnoticed by the good guys - but the bad guys are already exploiting them, so making security issues public after a grace period makes the world a better place.

It's that simple.
Score: 12 Votes (Like | Disagree)