Google Project Zero has implemented a new Reporting Transparency policy to improve the communication and patching process for reported security vulnerabilities. This initiative aims to reduce the upstream patch gap and enhance security awareness without compromising the 90-day disclosure deadline. #GoogleProjectZero #ReportingTransparency
Keypoints
- Google Project Zeroβs new policy increases transparency around vulnerability reports.
- The policy does not change the existing 90-day bug disclosure deadline.
- Within one week of reporting, details will be publicly shared after the deadline expires.
- The initiative aims to reduce the upstream patch gap and improve patch adoption.
- The policy enhances communication between upstream and downstream vendors but avoids sharing technical exploit details.
Read More: https://www.securityweek.com/google-project-zero-tackles-upstream-patch-gap-with-new-policy/