Friday, September 24, 2021

Google Project Zero giving The 30-day grace period for user patch adoption

Must Read

Researchers Disclosed a security vulnerability in UNEP that affects 100k staff records

Today, researchers have revealed a security vulnerability by exploiting which they could access more than 100,000 private worker records...

Unpatched Browsers Abound, Study Reveals

Google Chrome users do not always take the time to relaunch browser upgrades, and a few legacy programs do...

Indian supply-chain giant Bizongo suffers a massive data breach

Indian start-ups have been hit with a string of data breaches in recent days, and Mumbai-based digital supply-chain giant...

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a new 30-day grace period to gives users time to install patches before technical details are revealed.

That means developers will still have 90 days to fix regular bugs (with a 14-day grace period if requested), but Google will wait an additional 30 days before disclosing the details publicly.

For flaws being actively exploited in the wild (zero-day), companies still have seven days to patch, with a three-day grace period on demand. However, Google will now wait 30 days before revealing the technical details. 

Last year, the team started iterating on disclosure policy with a focus on faster and more thorough patch deployment, as well as improved patch adoption.

Conclusion

Moving to a “90+30” model allows us to decouple time to patch from patch adoption time, reduce the contentious debate around attacker/defender trade-offs and the sharing of technical details while advocating to reduce the amount of time that end users are vulnerable to known attacks.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This