Google Relaxes Project Zero Bug Disclosure Policy
Google's security team Project Zero recently announced some changes to its bug disclosure policy after controversially exposing Apple and Microsoft security flaws when the companies failed to meet the 90-day deadline. The new disclosure deadline has a 14-day grace period and excludes weekends and public holidays, providing tech companies with more time to properly address security vulnerabilities in their software.
"We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."
Project Zero is a security team consisting of experienced programmers that look through the code of Google and several of its competitors to discover security flaws, like those uncovered in OS X Yosemite back in January. The team immediately discloses any vulnerabilities found to vendors, providing them with a 90-day deadline to release a software patch before sharing the vulnerabilities with the public.
The role of Google playing security watchdog for other companies has been the subject of much debate, with some believing that the company has a disingenuous agenda and others claiming that it is taking appropriate action. Google claims that it holds itself to the same 90-day policy it enforces on other tech companies, with bugs in the pipeline for Chrome and Android that are subject to the same deadline policy.
Popular Stories
In June, Apple announced iOS 17 with a wide range of new features and changes for the iPhone. Following over three months of beta testing, the free software update will be released this Monday, September 18 for the iPhone XS and newer. Below, we have recapped 10 key features coming to the iPhone with iOS 17, with additional features coming later this year. The update should be released to...
All of the iPhone 15 and iPhone 15 Pro models feature a new battery health setting that prevents the devices from charging beyond 80% at all times when enabled, as confirmed by The Verge's Allison Johnson during a Q&A session today. The new setting is separate from the pre-existing Optimized Battery Charging feature on iPhones, which intelligently delays charging past 80% until a more...
Apple today released iOS 17 and iPadOS 17, the latest operating system updates that are designed for the iPhone and iPad. As with all of Apple's software updates, iOS 17 and iPadOS 17 are available for free. iOS 17 is compatible with the iPhone XR/iPhone XS and later, while iPadOS 17 runs on the iPad mini 5 and later, the iPad 6 and later, iPad Air 3 and later, the second-generation 12.9-inch...
With the release of a new operating system, there are multiple features and design elements for developers to adopt. Now that iOS 17 is out, many major apps are getting interesting updates today, which we've rounded up below. watchOS 10 also has a new design language, so there are a range of Apple Watch updates to check out too. Flighty (Free, Premium Subscription) Popular flight tracking...
Top Rated Comments
I couldn't give less than a rat's ass for whatever reasons Google digs out security issues with their competitor's products. Someone does it. Security issues get fixed (or not). That's all that counts.
If Google doesn't reveal those issues, chances are that they go unnoticed by the good guys - but the bad guys are already exploiting them, so making security issues public after a grace period makes the world a better place.
It's that simple.