Project Zero

Policy and Disclosure: 2025 Edition

Google Project Zero is updating its vulnerability disclosure policy with a "Reporting Transparency" trial intended to reduce the time it takes to fix vulnerabilities. The current "90+30" policy aims for quick patch development and adoption, but the "upstream patch gap" remains a key issue: the delay between a fix becoming available upstream and its integration by downstream vendors. The trial focuses on upstream technologies such as chipsets and drivers, where this extended vulnerability lifecycle is most visible.

Under the trial, Project Zero will publicly announce a vulnerability report within a week of filing it, naming the vendor, the affected product, and the reporting date. The goal is to inform downstream dependents early and improve communication so that patches are deployed faster. No technical details will be released until the 90-day deadline, so the announcement functions as an alert to the ecosystem rather than a guide for attackers. Project Zero acknowledges that some vendors may face increased attention but believes the benefits outweigh the potential inconvenience.

The trial aims for a safer ecosystem in which vulnerabilities are fixed on user devices, not just in code repositories. Project Zero plans to monitor the trial's effects and adapt its policies based on the findings, hoping to encourage better patch adoption and, by shortening the overall vulnerability lifecycle for end users, improve the security of the ecosystem as a whole.