April 17, 2021 01:36 pm
Original Link: https://www.theverge.com/2021/4/17/22389135/google-project-zero-30-day-grace-period-security-bugs
Google Project Zero will give a 30-day grace period before disclosing security issues
Google’s Project Zero, a team of dedicated security engineers tasked with reducing the number of “zero day” vulnerabilities around the entire internet, says it will give developers an extra 30 days before disclosing vulnerability issues, in order to give end-users time to patch their software.
Developers will still have 90 days to fix bugs, but Project Zero will wait another 30 days before it discloses the details of the bug publicly. If a flaw is being actively exploited in the wild, a company will have seven days to issue a patch, and a three-day grace period if requested. But Google Project Zero will wait 30 days before it discloses technical details.
In 2020, Google announced a trial to allow developers 90 days to work on patch...
Original Link: https://www.theverge.com/2021/4/17/22389135/google-project-zero-30-day-grace-period-security-bugs
Share this article:
Tweet
View Full Article
The Verge
The Verge is an ambitious multimedia effort founded in 2011More About this Source Visit The Verge