Google Security advocates shortened 0-day disclosure period

Posted by on May 30, 2013 in Blog, Security

From the Google Online Security Blog:

…we believe that more urgent action — within 7 days — is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised.

Google has always been pretty good about advocating for improved security, so while it’s no surprise, we’re still very glad to hear this. Many software vendors we have to deal with tend to drag their feet with bugs/patches and could use a swift kick from someone as big as Google.

Read More