At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic!
— Tim Willis (@itswillis) January 7, 2020
Here's P0's policy changes for 2020 (with our rationale for the changes):https://t.co/6Ln8F6CIq2
Project Zero: Policy and Disclosure: 2020 Edition https://t.co/zAR5lvVqkZ
— cje in oz! (@caseyjohnellis) January 8, 2020
Policy and Disclosure: 2020 Edition https://t.co/437PanOTTx
— Project Zero Bugs (@ProjectZeroBugs) January 7, 2020
Project Zero Policy and Disclosure: 2020 Edition -- https://t.co/UKXputzdAu
— Ben Hawkes (@benhawkes) January 7, 2020
Wait...what does this mean for the argument (held by several peopleI spoke with this year) that P0 is just a free provider of Ndays to the NSOs of the world? https://t.co/8zH3lvUMNx
— Lorenzo Franceschi-Bicchierai (@lorenzofb) January 8, 2020
Google Project Zero shifts to full 90-day disclosures to improve patch uptake https://t.co/W0Ci73VwGu via @ZDNet
— Security Response (@threatintel) January 8, 2020
Google Project Zero shifts to full 90-day disclosures to improve patch uptake https://t.co/oT14Nz3R0v
— The Cyber Security Hub (@TheCyberSecHub) January 8, 2020
Google Project Zero trialing 90 days before disclosing - 9to5Google https://t.co/KJhIOd0YKi pic.twitter.com/xOTrHRqphS
— Rich Tehrani (@rtehrani) January 8, 2020
2020/01/01以降に報告された脆弱性については、バグが修正された時期に関係なく90日目にすべての詳細を公開しちゃうZE by Project Zerohttps://t.co/ZFE0YuoSAo
— 針金細工 (@Wireworkes) January 9, 2020