Google

Google Project Zero

2015/02/13 : "Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a...Read more

Vulnerability Disclosure FAQ (Project Zero)

2019/07/31 : Here is the Project Zero FAQ. 

This artifact is part of the Google Project Zero Bundle.Read more

Rebooting Responsible Disclosure: a focus on protecting and users

2010/07/20 : The Google authors give arguments to show why responsible disclosure is not always efficient. They propose to give a 60 days to the vendors to fix bugs disclosed before the vulnerabilities become public.Read more

Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers

2014/07/15 : "Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software."

This artifact is...Read more

Google Ups the Bug Bounty Ante to $3133.7 (Threat post)

2010/07/20 : Dennis Fisher writes on the new adjustment of the price of Google bug rewards.

This artifact is part of the Google Vulnerability Report Bundle.Read more

Google Vulnerability Report

Google Security Reward - 2015 Year in Review
Google to Pay For Bugs Found in Chromium (Threat post)
Google Ups the Bug Bounty Ante to $3133.7 (Threat post)
Google Open Source Vulnerabilities (OSV)
Google to Pay For Bugs Found in Chromium (Threat post)

2010/01/29 : Dennis Fisher writes on the Google new program. It "will pay security researchers a $500 bounty for every security bug they find in Chromium, the open-source codebase behind the Google Chrome browser, as well as for bugs found in Chrome itself."

This...Read more

A Call for Better Coordinated Vulnerability Disclosure (Microsoft and Google Project Zero)

2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after that "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...Read more

Google Security Reward - 2015 Year in Review

2010/01 : Google launches its Vulnerability Report Program which gives financial bounties to security researcher finding bugs. 

"[B]ecause rewarding security researchers for their hard work benefits everyone. These financial rewards help make our services, and the web as a whole,...Read more

Google Open Source Vulnerabilities (OSV)

2021/02/05 : Google launches OSV (Open Source Vulnerabilities).
"The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consumers of open source software accurately identify if they are impacted and then make security...Read more

Google 7-days disclosure

2013/05/29 : Google agreed for 7-days to fix critical vulnerabilities. 

"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...Read more

Google Project Zero

Google Project Zero
Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers
A Call for Better Coordinated Vulnerability Disclosure (Microsoft and Google Project Zero)
Project Zero Policy and Disclosure: 2021 Edition
Vulnerability Disclosure FAQ (Project Zero)
Subscribe to Google
Need help with PECE?
Join the PECE Slack channel