In a post on its official blog, Google's Project Zero team has announced important news about when the details of vulnerabilities that have been found and resolved are disclosed.
The Mountain View giant says it is happy with how its disclosure policy has worked over the past five years: 97.7% of vulnerability reports are now resolved within 90 days, whereas in 2014 some problems took six months or more to receive a patch.
In 2020, partner companies will be given 90 days regardless of when the bug is fixed: in practice, whether the solution to a problem is found after 20, 50 or 90 days, the details related to it will always be disclosed on the ninetieth day.
The new goals of the Project Zero team include faster patch development, improved procedures for getting these fixes to users more quickly, a more thorough approach to problems (solving them comprehensively rather than superficially) and greater user awareness of the need to update their devices to install the patch that resolves a given bug.
These new rules will be adopted for a twelve-month trial period and only after that will Google decide whether to keep them or not.