You probably already know about Google's Project Zero. It is one of the Google-[X] projects, and it is meant to find vulnerabilities in any software that is popular enough to need securing. The members may look for vulnerabilities in any software they want to make more secure, but what we have seen recently is that Google is mostly interested in Windows platform vulnerabilities.
Google has already been in the news for going hard on Microsoft over its strict 90-day vulnerability disclosure policy, under which it made the vulnerabilities public after the deadline even though Microsoft had not yet found a patch for the problem.
Now the search giant says that it will give vendors (like Microsoft) a 14-day grace period if they promise to release a patch and fix the issue within two weeks. (It is like throwing a rope to save someone who is drowning.) Extending the deadline for exceptional vulnerabilities is a nice move from Google, because a vulnerability that is exposed to the public may pose a threat to the vendor.
Let me tell you, Google’s Project Zero is known for tracking down vulnerabilities in software released by any vendor and then reporting them to that vendor, warning it to fix the issue within 90 days or else the vulnerability will be disclosed publicly.
Google officials said in their blog post, “We are now giving a 14-day grace period. If the given time period (of 90 days) expires, and the vendor informs us before the deadline that an update or patch is almost cooked and is scheduled for release on a specific day within 14 days after day zero, then the grace period will be applicable. If the patch still doesn’t come out, then the vulnerability (no matter how serious) will be disclosed publicly.”
However, vendors (I mean, Microsoft) have now got some extra time on the clock before the next public disclosure, which reduces the pressure on the security experts working at Microsoft.
Not to forget, earlier this year Google openly published a Windows 8.1 vulnerability that gave an attacker administrator privileges. Google said it had given Microsoft enough time to fix the problem before the vulnerability went public on December 29, 2014. It further clarified that Microsoft was informed of the issue on the 20th of September and that 90 days had passed without a patch or fix being released to eliminate this vulnerability.