Google’s Zero-day Security Campaign
Google move quickly to rectify vulnerabilities reported in 2021 by the creditable Project Zero IT security team. The Zero-day technical analysts stated that Google tech staff administered the security patches in just 28 days, which was a lot faster than the average patch updates done in 2019.
In addition, the research team revealed that vendors that sell Google’s products usually take approximately two months to correct security flaws reported in 2021. Accordingly, the average time that the software and hardware vendors took to fix security issues is well below the recommended time of 90 days, which has trended downwards from the previous year, when it took 80 days back in 2019.
The Google IT technical support team should be credited for their efficient service. They have helped protect users of the company’s hardware and software from the exploitation of dark web hackers. In addition, vendors have assiduously worked to decrease the deadline from 90 days to 52 days, which is even lower than the 80 days average recorded in 2019. Above all, the team reported only a single bug that exceeds the deadline, with only a small 14% of vendors utilizing the additional 14 days grace period.
Google Vows Increase Transparency
Google states that the company is moving more towards increasing its transparency with the help of its vendors. According to Ryan Schoen, the head of Project Zero stated that the trend is in accordance with its responsible disclosure of tech policies. And in keeping with the industry standard, Google’s vendors can act quickly to reported errors. The Project Zero disclosure was made available in this blog post.
However, the Project Zero spokesperson cautioned against outliers “in that they may receive faster action as there is a tangible risk of public disclosure as Project Zero is a trusted source of reliable bug reports”.
The blog article also revealed the de-facto standard that the industry operates by. However, Google expects vendors can learn best practices from other members. This Google hopes would increase the transparency of the tech industry, and improve the policy guidelines whereby other tech giants could benefit.
In conclusion, the tech industry must stay vigilant and proactive when it comes to safeguarding its consumers. They must always strive to be one step ahead of dark web hackers, who are always on the prowl for their next unprotected victims.