Vulnerability Disclosure is Not One Size Fits All (and that’s okay)

Google’s Project Zero updated its vulnerability disclosure guidelines, adding 30 days to allow for patch adoption and deployment. The change comes after 25% of the detected zero-day exploits were found to be avoidable with more thorough patching efforts. Project Zero has also influenced other organizations to build bug-hunting teams, such as Microsoft’s recently formed Microsoft Edge Vulnerability Research group, which focuses on keeping the Edge browser more secure. Government and industry need to come together after such incidents to find ways to prevent future attacks and vulnerabilities.


