According to TechRadar, Google’s Project Zero has revealed that it will be trialling a new policy where the security team will give companies a full 90 days before disclosing issues in their systems or software. The search giant’s team of security analysts is well regarded for discovering major vulnerabilities but it has received criticism from others in the industry for its relatively fast disclosure times. The new disclosure policy aims to fix this while also holding companies more accountable for how they patch security issues.
Google’s Project Zero security team will now wait 90 days to disclose any vulnerabilities they find https://t.co/I34214G4CU
— XDA (@xdadevelopers) January 8, 2020