Google's Project Zero is trailing a new policy under which all vulnerabilities will be publicly disclosed after 90 days, irrespective of when the bug is fixed (Abner Li/9to5Google)

Abner Li / 9to5Google:
Google's Project Zero is trailing a new policy under which all vulnerabilities will be publicly disclosed after 90 days, irrespective of when the bug is fixed  —  Project Zero is widely regarded for finding major vulnerabilities, but criticized by industry peers for their relatively fast disclosure times.