2019/07/31 : Here is the Project Zero FAQ.
This artifact is part of the Google Project Zero Bundle.Read more
2014/07/15 : "Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software."
This artifact is...Read more
2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after that "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...Read more
2015/02/13 : "Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a...Read more
2013/05/29 : Google agreed for 7-days to fix critical vulnerabilities.
"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...Read more
2021/02/05 : Google launches OSV (Open Source Vulnerabilities).
"The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consumers of open source software accurately identify if they are impacted and then make security...Read more
2010/01/29 : Dennis Fisher writes on the Google new program. It "will pay security researchers a $500 bounty for every security bug they find in Chromium, the open-source codebase behind the Google Chrome browser, as well as for bugs found in Chrome itself."
This...Read more
2010/07/20 : The Google authors give arguments to show why responsible disclosure is not always efficient. They propose to give a 60 days to the vendors to fix bugs disclosed before the vulnerabilities become public.Read more
2010/07/20 : Dennis Fisher writes on the new adjustment of the price of Google bug rewards.
This artifact is part of the Google Vulnerability Report Bundle.Read more
2010/01 : Google launches its Vulnerability Report Program which gives financial bounties to security researcher finding bugs.
"[B]ecause rewarding security researchers for their hard work benefits everyone. These financial rewards help make our services, and the web as a whole,...Read more