In a bid to give developers more time to address security vulnerabilities, Google has made changes to its Project Zero disclosure programme which could also mean that other companies roll out half-baked patches.
Announced in July, 2014, the Project Zero is a team of security analysts employed by Google who are tasked with finding zero-day vulnerabilities, the secret hackable bugs which are exploited by criminals, state-sponsored hackers, and intelligence agencies.
“We recently reviewed our policies and the goals we hope to accomplish with our disclosure policy. As a result of that review, we have decided to make some changes to our vulnerability disclosure policy in 2020. We will start by describing the changes to the policy, and then discuss the rationale behind these changes,” Tim Willis, Manager, Project Zero, wrote in a blog post on Tuesday.