Google Project Zero will change the deadline of 90 days in a new model that incorporates a new 30 day grace period to give users χρόνο να εγκαταστήσουν updates before the technical details of a vulnerability are revealed.
Project maintains a 90-day disclosure period for vulnerabilities that have not been fixed; however, if an update occurs within this disclosure period, the technical details will be displayed 30 days after the release of the update.
For exploits which are already online, the disclosure will take place one week after the notification, along with the technical details if they are not fixed.
In very rare cases Project Zero has given developers a grace of fifteen days after the revelation, or a period of 3 days for very dangerous exploits. This period will now be part of the grace of the 30 days before the technical details are released.
“Moving to a '90+30' model allows us to fix update adoption time while supporting the reduction of time users are vulnerable to known attacks.