Active Stocks
Tue Sep 10 2024 12:34:18
  1. Tata Steel share price
  2. 149.40 0.00%
  1. NTPC share price
  2. 393.50 0.91%
  1. State Bank Of India share price
  2. 784.00 -0.04%
  1. HDFC Bank share price
  2. 1,648.70 0.07%
  1. ICICI Bank share price
  2. 1,230.05 -0.63%
Business News/ Technology / News/  Google’s Project Zero revises vulnerability disclosure timelines to increase patch adoption
BackBack

Google’s Project Zero revises vulnerability disclosure timelines to increase patch adoption

For vulnerabilities that are being actively exploited by hackers, Google will publish details immediately if the said issues remain unpatched after 7 days of reporting them. If the issue is fixed within the 7 days, then Google will wait 30 days before publishing the vulnerabilities

Google’s decision comes on the heels of a general increase in cybersecurity issues around the world last year. (Photo: AP)Premium
Google’s decision comes on the heels of a general increase in cybersecurity issues around the world last year. (Photo: AP)

NEW DELHI: Google’s cybersecurity division, Project Zero, has changed its disclosure policies today with the intent to “refocus on reducing the time it takes for vulnerabilities to get fixed", in the industry right now. The Project Zero team, which deals with vulnerabilities in hardware and software systems, will report vulnerabilities earlier if a company hasn’t fixed the flaw in record time.

“Project Zero won't share technical details of a vulnerability for 30 days if a vendor patches it before the 90-day or 7-day deadline. The 30-day period is intended for user patch adoption," the company said in a blog post.

The team used to provide a 90-day period after issuing a vulnerability report, followed by a 14-day grace period, before it published details of the vulnerability. Now, if an issue remains unpatched after the 90 days, Google will publish the details immediately. This is likely aimed at making users download patches quickly, once a company issues them.

Further, for vulnerabilities that are being actively exploited by hackers, Google will publish details immediately if the said issues remain unpatched after 7 days of reporting them. If the issue is fixed within the 7 days, then Google will wait 30 days before publishing the vulnerabilities. The company used to offer no grace period on such reports but will allow hardware and software vendors to request for an additional three-day grace period now.

The Project Zero team said the changes are aimed at shortening the time elapsed between a bug report and its patch being made available to users. It also wants to ensure “thorough patch development" and “improved patch adoption" once a patch is released by the affected vendor.

Google’s decision comes on the heels of a general increase in cybersecurity issues around the world last year. According to a March report from the Indian Computer Emergency Response Team (CERT-In), cyber security incidents in India grew from 3,94,499 in 2019 to 11,58,208 in 2020, which is a nearly 200% increase.

3.6 Crore Indians visited in a single day choosing us as India's undisputed platform for General Election Results. Explore the latest updates here!

ABOUT THE AUTHOR
Prasid Banerjee
An engineering dropout, Prasid Banerjee has reported on technology in India for various publications. He reports on technology through text and audio, focusing on its core aspects, like consumer impact, policy and the future.
Catch all the latest updates on Apple Event 2024. Discover everything you need to know about the iPhone 16, iPhone 16 Pro, iPhone 16 Pro Max, and iPhone 16 Plus.
More Less
Published: 19 Apr 2021, 01:32 PM IST
Next Story footLogo
Recommended For You