Google Project Zero is a well-known security team tasked with finding vulnerabilities in software products developed by various vendors, including Google itself. Its disclosure process involves reporting a security bug privately to the vendor, giving them 90 days to release a patch before all details are exposed publicly. Under some conditions, an extra 30-day grace period is also awarded. The idea behind this approach is that companies will work faster to resolve security issues under...
