The search engine giant, Google changes its disclosure policy, after Google has been criticized by Microsoft Corporation regarding the vulnerability issue of Google.
The new security disclosure policy of Google comes with a new policy that Google will disclose any vulnerabilities that are present in other products after 90 days. Google will notify the company regarding the security vulnerability of the product and also offer 14 day grace period for the vendor, to schedule the release of the patch.
In addition to all of the above mentioned content, if the deadline falls on weekends or in the U.S. public holiday, then Google will postpone the disclosure of the issue until the next business day arrives. Both the things will be helpful for the Microsoft Corporation, that release the vulnerability patch after two days, after it has been disclosed on a Sunday.
Google said that the deadline will help in improving the security feature of the tech product and offers productivity also. Till now, out of 154 vulnerabilities found by Project Zero team, 85 percentage of the total vulnerability issues were fixed within 90 days of deadline period. Apart from this, more than 95 percentage of the 73 issues filed and fixed by the software vendors after October 1 2014, were fixed ahead of the given deadlines.
Key players from the company said in a blog post as,
“Deadlines appear to be working to improve patch times and end user security—especially when enforced consistently…”
By providing deadlines will brings up fastest patches and also encourages the company to release speedy patches. The Project Zero team has made the other companies to produce quick patching and becomes an important issue for tech companies to provide a better as well as an efficient solution for the security vulnerabilities. This would definitely help the users from various security vulnerabilities through the tech products.