Project Zero Announces Reporting Transparency Trial
Google Project Zero announces a trial "Reporting Transparency" policy beginning today that will publicly note when vulnerabilities are reported, typically within one week. The change retains the existing 90-day disclosure deadline and 30-day patch adoption window while listing the vendor, affected product, report date, and disclosure deadline. Project Zero expects the signal to reduce the upstream patch gap and improve downstream patching and tracking.
Key Points
- 1Announces trial of 'Reporting Transparency' to publicly flag reported vulnerabilities within one week
- 2Highlights upstream patch gap, where fixes exist but downstream products haven't integrated them
- 3Encourages stronger upstream-downstream communication, enabling faster patch adoption and tracking of fix timelines
Scoring Rationale
Official, actionable policy change with wide upstream-downstream scope; limited novelty beyond disclosure timing and modest ecosystem coverage.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
