Google announced Project Zero back in 2014 in a quest to make the internet more secure by researching software exploits and informing affected developers about them. The company soon adopted a 90-days public disclosure deadline in order to speed up the patching process. In 2020, this policy will change just a little bit. Previously, vulnerabilities were published as soon as developers fixed them, but now, Google will always wait the full 90 days until it reports to the public. That's meant to ensure that patches have rolled out to more users before potential bad actors know about the exploits, thus leaving fewer people vulnerable. Read More
2017 was a big year for security research in technology, just as it is every year. With the much publicised 'Meltdown' and 'Spectre' CPU vulnerabilities and countless other lesser-known security bugs, researchers had their work cut out uncovering these flaws before anyone with more nefarious intentions could.
Google does its bit to compensate the research community for their hard work in keeping its users protected. In a recent blog post, the company released some numbers for the 2017 Vulnerability Rewards Program while also paying tribute to the dedicated researchers. Google paid out a total of $2.9 million as part of the program, to individuals and teams in 60 different countries. Read More