February 17, 2015, updated 19 Aug 2016 3:58pm

Google tweaks vulnerability disclosure policy

It will now adhere to a 90-day disclosure deadline.

By CBR Staff Writer

Google Security and Project Zero, the tech major’s security research team, have confirmed that they will disclose zero-day vulnerabilities only after a 90-day period has elapsed, following harsh words from Microsoft and others over Google's bug disclosure policy.

Google said: "Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well."

"We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix."

"We’ve chosen a middle-of-the-road deadline timeline and feel it’s reasonably calibrated for the current state of the industry."

The latest changes give software vendors an additional 14-day grace period on top of the initial 90-day time frame if a patch is scheduled for release during that two-week period.

The tech major added: "Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+)."

Google was recently slammed by Microsoft for publicly disclosing an unpatched bug in Windows 8.1, after Microsoft allegedly failed to fix the issue within a standard three-month window.


Furthermore, Microsoft sought better co-ordination over software bug disclosures within a week of revealing plans to stop the pre-release of Patch Tuesday cybersecurity bulletins to the public.
