Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
January 8, 2020 12:00 pm

Googles Project Zero is now being more considerate with how it discloses security vulnerabilities




Illustration by Alex Castro / The Verge

Google’s Project Zero cybersecurity team is trialling a new policy where it won’t make security vulnerabilities public early after a fix has been issued. “Full 90 days by default, regardless of when the bug is fixed,” is the team’s new policy, which it will trial for a year before deciding whether to adopt it permanently.


Under the old system, Project Zero’s researchers would give vendors 90 days to fix an issue before making the problem public. However, if a patch was issued within that 90 day window, it would disclose the vulnerability early. This can be a problem, because it means users have to rush to patch a vulnerability before hackers can exploit it. A vulnerability might be fixed by the company, but that doesn’t matter if the...



Continue reading…




Original Link: https://www.theverge.com/2020/1/8/21056476/google-project-zero-90-day-disclosure-policy-vulnerability-early-cybersecurity

Share this article:    Share on Facebook
View Full Article

The Verge

The Verge is an ambitious multimedia effort founded in 2011

More About this Source Visit The Verge