Google Project Zero to Reveal Bugs After One Week

Google Project Zero plans to publicly disclose security vulnerabilities within seven days of reporting them to vendors, aiming to reduce delays in patch adoption. The policy shift targets what researchers describe as the “upstream patch gap,” where fixes exist but downstream vendors have yet to incorporate them into widely used products. By accelerating transparency, Google Project Zero to Reveal Bugs hopes to pressure vendors to act more swiftly in securing end users.

The move comes amid growing frustration over the lag between patch availability and full integration into consumer-facing systems. Project Zero analysts note that even after a vulnerability receives a fix, it can remain exploitable if downstream implementers fail to deploy updates promptly. With this change, Google Project Zero to Reveal Bugs intends to spotlight these delays and encourage faster remediation efforts across the software supply chain.

To read the full article and learn more about the policy update, visit:
https://therecord.media/google-project-zero-publicly-announce-vulnerabilities-week-after-reporting