- Apr 12, 2001
Project Zero is a security team consisting of experienced programmers that look through the code of Google and several of its competitors to discover security flaws, like those uncovered in OS X Yosemite back in January. The team immediately discloses any vulnerabilities found to vendors, providing them with a 90-day deadline to release a software patch before sharing the vulnerabilities with the public."We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."
The role of Google playing security watchdog for other companies has been the subject of much debate, with some believing that the company has a disingenuous agenda and others claiming that it is taking appropriate action. Google claims that it holds itself to the same 90-day policy it enforces on other tech companies, with bugs in the pipeline for Chrome and Android that are subject to the same deadline policy.
Article Link: Google Relaxes Project Zero Bug Disclosure Policy