Particle.news

Google Project Zero Launches Weekly Early Vulnerability Alerts

The trial aims to close the ‘upstream patch gap’ by publicly flagging new security flaws soon after vendors are notified.

Overview

  • Since late July, Project Zero has been issuing weekly public notices of newly reported vulnerabilities under the Reporting Transparency trial.
  • Each alert includes nontechnical metadata—vendor or open-source project, affected product, report date and 90-day disclosure deadline—without disclosing technical details or proof-of-concept code.
  • The policy maintains the original 90-day bug-fix deadline plus a 30-day adoption window if vendors release patches before the deadline.
  • Google Big Sleep, the Google DeepMind–Project Zero collaboration, is also applying the early notice policy to its vulnerability reports.
  • Project Zero will track how weekly disclosures influence downstream integration and end-user patch adoption to inform potential policy adjustments.