Security News

The more notable part of the announcement is Project Zero's decision to wait to disclose bug details until 90 days elapses, even if a patch becomes available before then. "For the last five years, the team has used its vulnerability disclosure policy to focus on one primary goal: Faster patch development," explained Willis, in a posting on Tuesday on the policy changes.

Google's Project Zero has updated its vulnerability disclosure policy to keep bug reports closed for 90 days, regardless of whether a patch is out before the deadline or not. The goal of this new policy, Google Project Zero's Tim Willis notes, goes beyond just attempting to speed up patching: thorough patch development and improved patch adoption are also a focus.

When Hackers and Vendors Both Benefit, Your System May be the Biggest Loser read more

Moxa Urges Users to Replace Discontinued Industrial AP Filled With Security Holes read more

A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems.

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting...

A serious Wi-Fi flaw shows how Linux handles security in plain sight.

The issue is in an Intel chip used for remote management.

49-year-old to appear at the Old Bailey next month A former BAE Systems defence contractor has appeared in court accused of leaking "highly sensitive" secrets to foreign governments.…

A full 90% of security professionals say yes, according to a poll conducted by 451 Research and commissioned by security testing company Veracode.