From thehackernews.com
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation.
“While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which is the real story,” the company said in an announcement. “Those risks span everything from lag time in OEM adoption, patch testing pain points, end user update issues and more.”
Security threats also stem from incomplete patches applied by vendors, with a chunk of the zero-days exploited in the wild turning out to be variants of previously patched vulnerabilities.