Tasked with reducing the number of vulnerabilities known as zero days Google Project Zerofor users to install patches before revealing technical details of a defect 30 days grace period will recognize. This extra time is intended to allow more users to install the resulting fix.
You may be interested in
Google plans to stop showing ads based on search history
See Also. “Google Phone application will record calls from numbers not registered in the phone book”
The periods will be shortened next year
Previously, technical documentation of a vulnerability was shared as soon as the 90-day period ended, regardless of whether a patch was released. With the new model, if a patch is released during this time, the team will wait 30 days after the patch is released to share the technical details of its review.
Project Zero manager Tim Willis wrote in a blog post: “Switching to a” 90 + 30 “model allows us to separate fix time from patch adoption time, reduce discussions on offensive / defensive exchanges and technical details, as well as reduce the time that end users are vulnerable to known attacks. provides. ” gave his statements.
The Project Zero team states that this relaxed policy will not last for long as they will try to shorten the disclosure deadline in the near future. The team is likely to be in the blog post for 2022 84 + 28 implies that they can switch to the model.