View to a Patch: Google Tweaks Its Vulnerability Disclosure

Security Experts Laud Project Zero's Push for Greater Transparency, Faster Patches Mathew J. Schwartz (euroinfosec) • August 1, 2025

Google is trying out a new approach to publicizing flaws found by its in-house bug hunters aimed at more rapidly getting patches into users' hands.

See Also: Post-Quantum Cryptography - A Fundamental Pillar in the Future of Cybersecurity [ES]

Under a trial policy effective immediately, Google's Project Zero team will publish a general alert to the public within seven days of any vulnerability notification it makes to another company. The alert will name the vulnerable product, detail when the vendor was notified and when Google intends release full details of the flaw publicly, which typically occurs 90 days after Google makes its notification.

This trial policy, dubbed "Reporting Transparency," aims to shrink the upstream patch gap, the period in which a fix is available "but downstream dependents, who are ...