Google gives developers more time to fix security flaws before revealing them
See the original posting on The Verge
Google’s Project Zero, announced last year as a way to bolster internet security, had Google engineers identifying “zero day” vulnerabilities in software and services previously unknown security flaws that developers have had no time to patch or fix. When its engineers found such vulnerabilities, Google would originally give the developers a strict 90-day window to issue a fix, before making an exploit or security hole public. At the time of launch, the search giant believed the timeframe would give developers enough time to cook up a fix, but in the face of criticism, it’s now extended that 90-day period.
If developers contact Google and indicate that a fix is being put together, but won’t be ready in time for the 90-day window, then…