Google, Google, to accelerate the patch rollout, is making a potentially controversial change in how Google’s security team shows software risks.
This news comes from Google’s “project Zero”, which is first focused on exposing an unknown software worm, also known as zero day. The group used to give a software vendor 90 days to patch a flaw before showing a public threat. (If a vendor issues a patch, the disclosure will arrive to give users time to install after 30 days.)
The project Zero is now revising the team’s weakness disclosure policy, citing software vendors the need to pressurize the need to adopt better patch. The 90 -day revelation practice is in force. But from today, the team is about to share when it detects a flaw – a week after publicly reporting the issue to the vendor’s name and product maker to the software maker.
This tweet is not currently available. It is loaded or removed.
The new policy is now implemented on a trial basis, which has led the project Zero to show that it has referred to the video codec, along with two new weaknesses in Microsoft Windows, as well as three flaws in Google’s “Big View” product.
(Credit: Project Zero)
To prevent hackers from stopping, the new practice will not reveal the correct nature or severity of the reports reported. “We want to be clear: no technical details, proof off -concept code, or information that we believe will be aid to the deadline,” Google’s Project Zero Head, Tim Willis, wrote in this announcement. “It is a warning to report transparency, no blueprint for the attackers.”
The project Zero is taking a change to deal with what is called “upstream patch gap” – or when the software vendor publishes a fix for a flaw, but the “flow” partners responsible for sending the security update in fact fail to do something, which keeps users weak.
Get our best stories!
Be safe with the latest greeting news and updates
By clicking on the signup, you confirm that you are 16+ years old and agree to our use and privacy policy terms.
Thank you for signing up!
Your membership has been confirmed. Keep an eye on your inbox!
According to Willis, more transparency promises “shrinking the difference of the upstream patch” because the Bahau’s partners will not be left in the dark about a danger that is being determined. It also puts consumers in the loop, at least the results obtained from the project Zero.
“We hope the trial will encourage the formation of strong communication channels between the security -based shopkeepers and the relief of the flow, which will lead to the adaptation of fast patch and better patches for the closing users,” Willis added.
(Credit: Steven Potzer via Getty Images)
Nevertheless, the project Zero knows that this change can slip some wings (including Google, which maintains Android OS), as the same policy also highlights the unmanned insects. This is probably why the project Zero has decided to perform new disclosure practice as a trial with the purpose of “closely monitor its effects”.
Suggested by our editors
“We understand that for some shopkeepers without the environmental system, this policy can create unwanted noise and attention to the dangers that they can solve,” he said. However, these shopkeepers now represent the minority of the weaknesses reported by the project Zero. We believe that the benefits of a fair, easy, permanent and transparent policy are far more than the risk of hurting shopkeepers. “
In a general questionnaire, the project Zero had earlier warned the public about the existence of some flaws. The general questionnaire says, “All of the software of complication will consist of weaknesses, so ‘I have only reported a risk report in the Android media server’ is not materially useful information for the attacker.
The page also states: “By July 29, 2025, we have 2,131 risks with the deadline of 90 days in our issue of ‘new’ or ‘fixed’ state in our issues, and 95 weaknesses are not available to users.”
About Michael’s ear
Senior Reporter
