Security News > 2020 > January > Google’s Project Zero highlights patch quality with policy tweak
2020-01-09 11:26
Google's Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches.
The vendor then has 90 days to fix the bug before Project Zero lifts the veil.
Project Zero is also taking a harder line with vendors who release poor patches.
If the report has not yet been released, Project Zero will not extend the vendor's deadline.
In the past, Project Zero would go public with the bug "Sometime after" a vendor shipped a patch during the grace period.