The Project Zero team today announced an updated vulnerability disclosure policy for 2021. It follows changes made last year to better address perennial concerns from the broader security community.
project zero Stories April 15
project zero Stories July 22, 2020
Apple today launched a Security Research Device Program to help third parties find iPhone and iPad vulnerabilities. Google’s Project Zero team says its won’t be able to use the modified iOS devices because the program imposes restrictions that prevent 90-day disclosures.
project zero Stories May 8, 2020
Samsung patches security vulnerability impacting all Galaxy phones sold since 2014
Android gets a lot of flak for security, but most of the time errors can be traced back to changes that were made to the open-source platform. This week, a security vulnerability in every Android phone Samsung has sold since 2014 was patched after being exposed by Google’s Project Zero.
project zero Stories February 14, 2020
Being the biggest Android OEM, Samsung and Google are generally close partners. Google’s Project Zero, though, is tasked with finding bugs and security exploits. This week, Google is calling out Samsung for an issue on the Galaxy A50, specifically mentioning Samsung’s “unnecessary changes” to Android’s core kernel.
project zero Stories January 7, 2020
Project Zero is widely regarded for finding major vulnerabilities, but criticized by industry peers for their relatively fast disclosure times. For 2020, the security team is trialing a new policy where a full 90 days will be given before disclosing issues.
project zero Stories September 6, 2019
Google stands by iOS vulnerability research following Apple rebuttal
Apple today released a rebuttal to the security vulnerabilities that Google detailed in depth last week and called it “one of the largest attacks against iPhone users ever.” The iOS maker took issue with several key points, but Google is standing by its works.
