Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then. Full details on any vulnerability will be made public 90 days after discovery, regardless of when the bug is fixed. The rationale for abandoning the group s previous coordinated disclosure policy, according to Project Zero researcher Tim Willis, is to ensure that fixes are thorough and not just rushed out as quickly as possible. The policy goes into effect for bugs that have been found from Jan. 1 on, Willis noted that the change is merely a trial phase.
Source: https://threatpost.com/google-ditches-patch-disclosure-90-day-policy/151626/