Google has extended the disclosure period for vulnerabilities uncovered in its Project Zero program by an additional two weeks, if a vendor is planning a patch in the two weeks following the deadline.
Writing in a group post on the Project Zero blog, the search giant revealed a number of changes to the disclosure of ‘Zero Day’ exploit disclosures, including a the assignment of CVEs, deadline shifts for weekends and holidays, and an additional 14 day ‘grace period’ for vendors with a patch scheduled up to two weeks after the 90 day deadline.
Google's Project Zero extends 90 day exploit disclosure deadline
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.