Project Zero Policy and Disclosure: 2020 Edition -- https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html …
Great question, I'm definitely concerned about it and it was a big part of our discussions. Talking to a lot of vendors, they're generally aware of this type of analysis, but it wasn't always the biggest factor in terms of motivating them to improve patch speed/quality/adoption.
For the vendors that want to disclose information closer to the patch date, we still have that option though. I suspect quite a few will still want to align disclosure around security bulletins.
I think you're right that attackers are incentivized to study patches in more detail than defenders though, so we'll be looking very closely at the gap between patch and disclosure to make sure the policy is well balanced.