Google through the controlled Project Zero structure will report the detected vulnerability in companies in the products of the week. However, the specifics will be laid out in 90 days.
Google, Xrust believes, made this controversial change in the notification of customers about software vulnerabilities to accelerate the release of corrections. Project Zero, controlled by the brand, will be responsible for fulfilling the promise. This is engaged in the identification of previously unknown software errors, also known as the vulnerability of the zero day.
Earlier, the group provided the software supplier 90 days to correct vulnerability before publishing information about vulnerability. If the supplier issues a correction, information about it is published after 30 days so that the users have time to install it.
Project Zero is currently reviewing the vulnerability disclosure policy, referring to the need to put pressure on the software suppliers, so that they are more actively introducing corrections. The 90-day period of disclosure of information remains in force. But, starting from today, the team will report about the discovered vulnerabilities (publicly indicating the name of the supplier and the name of the product) within one week after the message about the problem of the developer by the. the detection of two new vulnerabilities in Microsoft Windows, as well as three deficiencies in the Google product “Bigwave”, possibly related to video codec.
Xrust Google intends to publicly report new unheated vulnerabilities
- Если Вам понравилась статья, рекомендуем почитать
- Microsoft mobile application can now remotely block your computer with Windows
- Pictures created by ChatGPT will soon be marked with Openai watermarks
