Saturday, June 12, 2021

Google Project Zero giving The 30-day grace period for user patch adoption

Must Read

NimzaLoader malware was written Nim Programming Language to be less detected

NimzaLoader malware is unusual because it's written in a programming language rarely used by cybercriminals - which could make...

CISA issues emergency to Federal Agencies Regarding Microsoft Exchange Flaw

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on...

CERT report Shows security holes In the Polish education sector

Education associations in Poland are counseled to tighten their security controls following a fresh report highlighted many different openings...

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a new 30-day grace period to gives users time to install patches before technical details are revealed.

That means developers will still have 90 days to fix regular bugs (with a 14-day grace period if requested), but Google will wait an additional 30 days before disclosing the details publicly.

For flaws being actively exploited in the wild (zero-day), companies still have seven days to patch, with a three-day grace period on demand. However, Google will now wait 30 days before revealing the technical details. 

Last year, the team started iterating on disclosure policy with a focus on faster and more thorough patch deployment, as well as improved patch adoption.

Conclusion

Moving to a “90+30” model allows us to decouple time to patch from patch adoption time, reduce the contentious debate around attacker/defender trade-offs and the sharing of technical details while advocating to reduce the amount of time that end users are vulnerable to known attacks.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

An error of coding results attacker will delete a live video of Facebook

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video...

What is a Cyber Attack or Virtual Attack

Firstly We Wil Discuss About Cyberattack or we will also say virtual attack. A Cyberattack is a type of attack that will be done...

Firefox 88 start disabling FTP with removal set for Firefox 90

Firefox 88 update has disabled File Transfer Protocol (FTP) support completely from the browser. The handling of clicking on FTP links from within Firefox...

Google Project Zero giving The 30-day grace period for user patch adoption

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a new 30-day grace period to...

Parking app ParkMobile experiences data breach of 21M Users

The popular mobile app that drivers use to pay and find available public parking in Pittsburgh and in other cities experienced a data breach...

More Articles Like This