Project Zero is code for Galaxy S6 and Google’s new policy
Project Zero is currently best known as the code-name of the Galaxy S6, the new flagship Samsung is launching at MWC 2015 next month. As it turns out, Project Zero is not just the code-name for the Galaxy S6: Google uses the same name for its security team, which has developed a new bug disclosure policy that it will be enacting. Project Zero is Google’s security team, which works on new ways of finding, sharing and disclosing software bugs found in programs and operating systems around the world.
Google has been the target of outrage on the part of Apple fans for disclosing incremental flaws and bugs in OS X Yosemite before Apple had the time to release a patch for the security bugs in the software. With that in mind, Google decided to rethink its bug disclosure policy so that it can better avoid such incidents. The new policy comes as an attempt to calm spirits down, but it also tackles the problem of software bugs and their slow resolution. With Project Zero, Google aims to incentivize the fast development of patches and fixes for the bugs the security team finds in software.
The Project Zero policy now targets bug disclosure for major companies like Apple and Microsoft. It aims to make the deadlines more lenient and assures companies that Google won’t release the bugs its security team has found until the company has had enough time to develop a fix or a patch for the bugs in question. According to Google representatives, security vulnerabilities will only be disclosed 90 days after the company experiencing the vulnerabilities was notified. The catch here is that before the 90-day period expires, companies have to notify the Project Zero team that they have found a fix. If that fix will be issued within 14 days after the 90-day deadline has expired, Google won’t release the information. If the fix won’t be readily available within that two-week window, Google will disclose information about the bugs the team has found.
Some might find the Project Zero team invasive, because they are in fact investigating competitors’ software for security flaws, while others think that Google is right in acting as a watchdog. Truth be told, it is beneficial for users to know what security flaws their software has across devices, and they are entitled to know about them in due time. Others feel that each company should do its own checks separately, but there’s no clear oversight in the matter as of yet.