Share The 30-day grace period is designed to speed up the rollout and adoption of patches Google’s Project Zero team has announced that it will give vendors and companies an extra 30-day period before it discloses the technical details of a vulnerability. “Starting today, we’re changing our Disclosure Policy to refocus on reducing the time it takes for vulnerabilities to get fixed, improving the current industry benchmarks on disclosure timeframes, as well as changing when we release technical details,” said Tim Willis, the senior security engineering manager of Google’s elite bug-hunting crew. Previously, in line with the 2020 disclosure policy, vendors were afforded a 90-day cycle between the initial vulnerability was reported and until its details were publicly disclosed, with the public disclosure taking place regardless of whether the bug was fixed or not.