Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
#1
Information 
Quote:Google Project Zero will now give organizations a 30-day grace period to patch zero-day flaws it discovers in a new disclosure policy revealed this week aimed at speeding up the time it takes for patches to be adopted.
 
Known for discovering a number of high-profile zero days—in Google’s own products as well as those found in rival Apple’s software—Project Zero last year began revealing the technical details of flaws its researchers discovered 90 days after the initial vulnerability report.
 
However, now research group is changing this tactic slightly, saying it will delay disclosure of the technical details of the vulnerability until 30 days after a patch is issued if that patch is created within the 90-day period, according to a blog post by Project Zero’s Tim Willis posted Thursday. “Vendors will now have 90 days for patch development, and an additional 30 days for patch adoption,” he wrote.
 
Moving to this so-called “90+30 model” will allow researchers and the industry as a whole to “decouple time to patch from patch adoption time, reduce the contentious debate around attacker/defender trade-offs and the sharing of technical details, while advocating to reduce the amount of time that end users are vulnerable to known attacks,” Willis explained.
 
However, technical details of vulnerabilities that remained unpatched during the 90-day period after Project Zero discovers them still will be disclosed immediately after that grace period is up, according to the post.

Read more: Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>