According to TechRadar, Google’s Project Zero has revealed that it will be trialling a new policy where the security team will give companies a full 90 days before disclosing issues in their systems or software. The search giant’s team of security analysts is well regarded for discovering major vulnerabilities but it has received criticism from others in the industry for its relatively fast disclosure times. The new disclosure policy aims to fix this while also holding companies more accountable for how they patch security issues.
Google’s Project Zero security team will now wait 90 days to disclose any vulnerabilities they find https://t.co/I34214G4CU
— XDA (@xdadevelopers) January 8, 2020
Experts Comments
Linkedin Message
@Ceri Charlton, Associate Director , provides expert commentary at @Information Security Buzz.
"I do not believe that the change will lead to vulnerabilities being open for longer. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/google-project-zero-changes-rules-on-revealing-cyberattacks
Facebook Message
@Ceri Charlton, Associate Director , provides expert commentary at @Information Security Buzz.
"I do not believe that the change will lead to vulnerabilities being open for longer. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/google-project-zero-changes-rules-on-revealing-cyberattacks
Linkedin Message
@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"A fixed length will most likely work for the majority of vulnerabilities...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/google-project-zero-changes-rules-on-revealing-cyberattacks
Facebook Message
@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"A fixed length will most likely work for the majority of vulnerabilities...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/google-project-zero-changes-rules-on-revealing-cyberattacks
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Casey Ellis, CTO and Founder, provides expert commentary at @Information Security Buzz.
"The policy’s delayed disclosure notice is a smart move...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/google-project-zero-changes-rules-on-revealing-cyberattacks
Facebook Message
@Casey Ellis, CTO and Founder, provides expert commentary at @Information Security Buzz.
"The policy’s delayed disclosure notice is a smart move...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/google-project-zero-changes-rules-on-revealing-cyberattacks