Google Relaxes Project Zero Bug Disclosure Policy

googlesearchGoogle's security team Project Zero recently announced some changes to its bug disclosure policy after controversially exposing Apple and Microsoft security flaws when the companies failed to meet the 90-day deadline. The new disclosure deadline has a 14-day grace period and excludes weekends and public holidays, providing tech companies with more time to properly address security vulnerabilities in their software.

"We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."

Project Zero is a security team consisting of experienced programmers that look through the code of Google and several of its competitors to discover security flaws, like those uncovered in OS X Yosemite back in January. The team immediately discloses any vulnerabilities found to vendors, providing them with a 90-day deadline to release a software patch before sharing the vulnerabilities with the public.

The role of Google playing security watchdog for other companies has been the subject of much debate, with some believing that the company has a disingenuous agenda and others claiming that it is taking appropriate action. Google claims that it holds itself to the same 90-day policy it enforces on other tech companies, with bugs in the pipeline for Chrome and Android that are subject to the same deadline policy.

Top Rated Comments

viorelgn Avatar
112 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.
Score: 44 Votes (Like | Disagree)
sualpine Avatar
112 months ago
Oh gee, Google, thanks. Thank you so much for being less of an ass trying to audit every single other company's software, except for your own. Has the Lollipop memory leak been fixed yet? Where is 5.0.3?
Score: 30 Votes (Like | Disagree)
kuwxman Avatar
112 months ago
The normal Google haters in here ignoring that them doing this is a good thing for everyone...
Score: 22 Votes (Like | Disagree)
Musocat Avatar
112 months ago
What a bunch of assbags.
Score: 22 Votes (Like | Disagree)
marzer Avatar
112 months ago
I don't see how this could be a bad thing. It's not like they are finding bogus issues, it's all been legitimate vulnerabilities. If Apple and MS were against it, they could step up their own internal efforts to find and fix vulnerabilities before a third party can expose them. I think this is a really good thing for users. It's a really good thing for security.
Score: 15 Votes (Like | Disagree)
till213 Avatar
112 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.

I couldn't give less than a rat's ass for whatever reasons Google digs out security issues with their competitor's products. Someone does it. Security issues get fixed (or not). That's all that counts.

If Google doesn't reveal those issues, chances are that they go unnoticed by the good guys - but the bad guys are already exploiting them, so making security issues public after a grace period makes the world a better place.

It's that simple.
Score: 12 Votes (Like | Disagree)

Popular Stories

iOS 17 and iPhones Feature

iOS 17: 10 New Features That Just Launched

Sunday September 17, 2023 12:35 pm PDT by
In June, Apple announced iOS 17 with a wide range of new features and changes for the iPhone. Following over three months of beta testing, the free software update will be released this Monday, September 18 for the iPhone XS and newer. Below, we have recapped 10 key features coming to the iPhone with iOS 17, with additional features coming later this year. The update should be released to...
iPhone 15 Pro Lineup Feature

iPhone 15 Models Feature New Setting to Strictly Prevent Charging Beyond 80%

Tuesday September 19, 2023 2:04 pm PDT by
All of the iPhone 15 and iPhone 15 Pro models feature a new battery health setting that prevents the devices from charging beyond 80% at all times when enabled, as confirmed by The Verge's Allison Johnson during a Q&A session today. The new setting is separate from the pre-existing Optimized Battery Charging feature on iPhones, which intelligently delays charging past 80% until a more...
maxresdefault

Apple Releases iOS 17 With StandBy, Live Voicemail, Improved Autocorrect, FaceTime Video Messages and Tons More

Monday September 18, 2023 10:05 am PDT by
Apple today released iOS 17 and iPadOS 17, the latest operating system updates that are designed for the iPhone and iPad. As with all of Apple's software updates, iOS 17 and iPadOS 17 are available for free. iOS 17 is compatible with the iPhone XR/iPhone XS and later, while iPadOS 17 runs on the iPad mini 5 and later, the iPad 6 and later, iPad Air 3 and later, the second-generation 12.9-inch...
flighty standby

Best Apps With New iOS 17 and watchOS 10 Features

Monday September 18, 2023 3:02 pm PDT by
With the release of a new operating system, there are multiple features and design elements for developers to adopt. Now that iOS 17 is out, many major apps are getting interesting updates today, which we've rounded up below. watchOS 10 also has a new design language, so there are a range of Apple Watch updates to check out too. Flighty (Free, Premium Subscription) Popular flight tracking...