Edward Kiledjian's Threat Intel

Google Project Zero Launches 2025 Reporting Transparency Policy to Tackle the Patch Gap

Google Project Zero has announced its 2025 Reporting Transparency policy, aiming to reduce the “upstream patch gap” — the critical delay between when a vendor develops a security fix and when downstream dependents integrate it into products used by end users. While the core 90+30 disclosure model remains in place, Project Zero will now publicly confirm the existence of a vulnerability within one week of reporting it to a vendor. These disclosures will include the vendor, affected product, and reporting timelines, while withholding technical details to avoid aiding attackers.

The new transparency step is designed to improve communication across the supply chain, enabling downstream partners to take early action and strengthening patch adoption. Google Big Sleep, a joint initiative with DeepMind, will also pilot this policy. By signalling vulnerabilities sooner, Project Zero hopes to accelerate remediation, enhance ecosystem security, and build industry consensus that vulnerabilities are a reality requiring a coordinated response, not secrecy.
