Google Relaxes Project Zero Bug Disclosure Policy

googlesearchGoogle's security team Project Zero recently announced some changes to its bug disclosure policy after controversially exposing Apple and Microsoft security flaws when the companies failed to meet the 90-day deadline. The new disclosure deadline has a 14-day grace period and excludes weekends and public holidays, providing tech companies with more time to properly address security vulnerabilities in their software.

"We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."

Project Zero is a security team consisting of experienced programmers that look through the code of Google and several of its competitors to discover security flaws, like those uncovered in OS X Yosemite back in January. The team immediately discloses any vulnerabilities found to vendors, providing them with a 90-day deadline to release a software patch before sharing the vulnerabilities with the public.

The role of Google playing security watchdog for other companies has been the subject of much debate, with some believing that the company has a disingenuous agenda and others claiming that it is taking appropriate action. Google claims that it holds itself to the same 90-day policy it enforces on other tech companies, with bugs in the pipeline for Chrome and Android that are subject to the same deadline policy.

Popular Stories

maxresdefault

iPhone SE 4 With Face ID Said to Be Priced Below $500

Monday May 20, 2024 3:43 am PDT by
Apple is targeting a sub-$500 starting price for its upcoming fourth-generation iPhone SE model despite a raft of rumored upgrades coming to the more affordable device. According to leaker Revegnus on X, the U.S. launch price of the fourth-generation iPhone SE will either remain at the same $429 starting price as the current model, or will see an increase of around 10%. Either way, Apple's...
iOS 17

Apple Releases iOS 17.5.1 With Fix for Reappearing Photos Bug

Monday May 20, 2024 10:11 am PDT by
Apple today released iOS 17.5.1 and iPadOS 17.5.1, minor updates to the iOS 17 and iPadOS 17 operating system updates that came out last September. The 17.5.1 updates come a week after the launch of iOS 17.5 and iPadOS 17.5. iOS 17.5.1 and iPadOS 17.5.1 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's...
iPhone 16 Pro Max Generic Feature 2

5 Biggest Changes Rumored for iPhone 16 Pro Max

Tuesday May 21, 2024 7:29 am PDT by
Given Apple's rumored plan to add an all-new high-end tier to its iPhone 17 series in 2025, this could be the year for Apple to bring its boldest "Pro Max" model to the table — the kind of iPhone 16 upgrade that stands tall above its siblings, both figuratively and literally. If you have been holding out for the iPhone 16 Pro Max, here are five of the biggest changes rumored to be coming...
microsoft surface pro qualcomm

Microsoft Says New Surface Pro is Faster Than 15" M3 MacBook Air

Monday May 20, 2024 3:19 pm PDT by
Microsoft is going all in on AI, today introducing a series of Copilot+ PCs that have AI-focused hardware. The new Surface Pro is one of the first Copilot+ PCs, equipped with Qualcomm's Arm-based Snapdragon X Elite processor. Microsoft is already pitting the Surface Pro against Apple's M3 MacBook Air, and in marketing materials, claims that the Surface Pro has superior processing power and...
iPhone 16 Camera Lozenge 2 Perspective

iPhone 16 Lineup Rumored to Come in These Two New Colors

Sunday May 19, 2024 11:08 am PDT by
Apple analyst Ming-Chi Kuo today outlined his expectations for the iPhone 16 lineup's color options, revealing that two new colors should replace two of the existing shades. Kuo outlined his expectations in a post on X (formerly Twitter) earlier today. He believes that the iPhone 16 Pro and iPhone 16 Pro Max will be available in black, white or silver, gray or "Natural Titanium," and rose....

Top Rated Comments

viorelgn Avatar
121 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.
Score: 44 Votes (Like | Disagree)
sualpine Avatar
121 months ago
Oh gee, Google, thanks. Thank you so much for being less of an ass trying to audit every single other company's software, except for your own. Has the Lollipop memory leak been fixed yet? Where is 5.0.3?
Score: 30 Votes (Like | Disagree)
kuwxman Avatar
121 months ago
The normal Google haters in here ignoring that them doing this is a good thing for everyone...
Score: 22 Votes (Like | Disagree)
Musocat Avatar
121 months ago
What a bunch of assbags.
Score: 22 Votes (Like | Disagree)
marzer Avatar
121 months ago
I don't see how this could be a bad thing. It's not like they are finding bogus issues, it's all been legitimate vulnerabilities. If Apple and MS were against it, they could step up their own internal efforts to find and fix vulnerabilities before a third party can expose them. I think this is a really good thing for users. It's a really good thing for security.
Score: 15 Votes (Like | Disagree)
till213 Avatar
121 months ago
How many Android phones are out there with vulnerabilities unpatched? Google is doing this to sabotage their competitors. I don't believe their humanitarian story one bit.

I couldn't give less than a rat's ass for whatever reasons Google digs out security issues with their competitor's products. Someone does it. Security issues get fixed (or not). That's all that counts.

If Google doesn't reveal those issues, chances are that they go unnoticed by the good guys - but the bad guys are already exploiting them, so making security issues public after a grace period makes the world a better place.

It's that simple.
Score: 12 Votes (Like | Disagree)