Google Project Zero Addresses the 'Patch Gap' in Vulnerability Disclosure
By
esnard
Summary
The article discusses Google Project Zero's updated vulnerability disclosure policy, the '90+30' model, introduced in 2021 to accelerate both patch development and patch adoption. It highlights the persistent challenge of the 'patch gap,' the delay between the release of a security fix and its installation on end-user devices. The piece emphasizes the complexity of this issue and its implications for cybersecurity.
Key quotes
Our goals were to drive faster yet thorough patch development, and improve patch adoption.
The time it takes for a fix to actually reach an end-user's device is a significant challenge.
Many consider the patch gap to be the time between a fix being released for a security vulnerability and the user installing the relevant update.