Google’s Project Zero will give developers an added 30-day grace period before disclosing vulnerabilities so that end-users get time to patch their software.
Developers will still have 90 days to patch bugs but Project Zero will wait an additional 30 days before divulging vulnerability issues, but, if a patch happens within the disclosure period, the technical details will be disclosed 30 days after the patch is released. But, if a flaw is being actively exploited in the wild, disclosure will take place a week after notification.
To Read More: zdnet
