Google Project Zero will give a 30-day grace period before disclosing security issues

Google’s Project Zero, a team of dedicated security engineers tasked with reducing the number of “zero day” vulnerabilities around the entire internet, says it will give developers an extra 30 days before disclosing vulnerability issues, in order to give end-users time to patch their software.

Developers will still have 90 days to fix bugs, but Project Zero will wait another 30 days before it discloses the details of the bug publicly. If a flaw is being actively exploited in the wild, a company will have seven days to issue a patch, and a three-day grace period if requested. But Google Project Zero will wait 30 days before it discloses technical details.

In 2020, Google announced a trial to allow developers 90 days to work on patch...

Continue reading…