At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic!

Here's P0's policy changes for 2020 (with our rationale for the changes):https://t.co/6Ln8F6CIq2

— Tim Willis (@itswillis) January 7, 2020

Project Zero: Policy and Disclosure: 2020 Edition https://t.co/zAR5lvVqkZ

— cje in oz! (@caseyjohnellis) January 8, 2020

Policy and Disclosure: 2020 Edition https://t.co/437PanOTTx

— Project Zero Bugs (@ProjectZeroBugs) January 7, 2020

Project Zero Policy and Disclosure: 2020 Edition -- https://t.co/UKXputzdAu

— Ben Hawkes (@benhawkes) January 7, 2020

Wait...what does this mean for the argument (held by several peopleI spoke with this year) that P0 is just a free provider of Ndays to the NSOs of the world? https://t.co/8zH3lvUMNx

— Lorenzo Franceschi-Bicchierai (@lorenzofb) January 8, 2020

Google Project Zero shifts to full 90-day disclosures to improve patch uptake https://t.co/W0Ci73VwGu via @ZDNet

— Security Response (@threatintel) January 8, 2020

Google Project Zero shifts to full 90-day disclosures to improve patch uptake https://t.co/oT14Nz3R0v

— The Cyber Security Hub (@TheCyberSecHub) January 8, 2020

Google Project Zero trialing 90 days before disclosing - 9to5Google https://t.co/KJhIOd0YKi pic.twitter.com/xOTrHRqphS

— Rich Tehrani (@rtehrani) January 8, 2020

2020/01/01以降に報告された脆弱性については、バグが修正された時期に関係なく90日目にすべての詳細を公開しちゃうZE by Project Zerohttps://t.co/ZFE0YuoSAo

— 針金細工 (@Wireworkes) January 9, 2020