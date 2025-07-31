Vulnerability Management

Google Project Zero to expedite public flaw disclosures

CyberScoop reports that Google Project Zero has committed to publicly sharing vulnerability details within a week of the issue's disclosure to the vendor in a bid to accelerate the timeline between the release and application of security patches.

Early vulnerability reports will include the impacted product and the vendor or open-source project behind the product, as well as the report filing date and 90-day disclosure deadline, but not proof-of-concept details or other technical information that could be leveraged by threat actors, according to Google, which will maintain the 90+30 disclosure deadline policy for vendors and affected customers. "This data will make it easier for researchers and the public to track how long it takes for a fix to travel from the initial report, all the way to a user's device," said Google Project Zero Head Tim Willis, who noted an ongoing assessment of the policy change's impact on vulnerability remediation efforts.

