For what it's worth, Project Zero uses the same vulnerability disclosure rules for everyone - Android included.
-
This Tweet is unavailable.
-
-
Replying to @benhawkes @geekable
Our view is simple: security research and disclosure policy can play a positive role in improving vulnerability remediation.
1 reply 0 retweets 0 likes -
This Tweet is unavailable.
-
Replying to @geekable
Checking the original blog post on the 7-day deadline - the baseline expectation is a public advisory, not necessarily a patch.
1 reply 0 retweets 1 like -
Replying to @benhawkes @geekable
Project Zero didn't have anything to do with the recent win32k bug that went out under this 7 day deadline though!
1 reply 0 retweets 0 likes
Replying to @benhawkes @geekable
In saying that, researchers clearly setting expectations that in-the-wild attacks are fixed quickly seems pretty reasonable to me.
3:09 PM - 8 Nov 2016
1 reply
0 retweets
1 like
-
This Tweet is unavailable.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.