Google has added an extra 30-day period to its vulnerability disclosure cycle to allow customers more time to fix vulnerabilities before technical details are released.
The tech giant’s Project Zero team is a prolific researcher of industry vulnerabilities, and maintains a strict 90-day policy of public vulnerability disclosure after vendor notification, in order to pressure firms to issue patches quicker.
“In practice however, we didn’t observe a significant shift in patch development…
Source link
