Google limits its grace period

Google plans on publishing details of vulnerabilities in software within 7 days of its disclosure. It will grant the affected manufacturer just seven days grace to fix the vulnerabilities or publish an advisory with mitigation strategies for users.

Google had previously given a vendor 60 days to either publish advice on how to, for example, temporarily disable a service, restrict access or offer contact information to provide more direct assistance. "Each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised" says Google.