The company also called for changes to the practice of 'responsible disclosure', whereby someone who finds a flaw lets the company know - with Google claiming that some companies hide behind this and let repairs to the flaws drag on for some time, even years in some cases, saying in a blog post:
"We believe that responsible disclosure is a two-way street. Vendors, as well as researchers, must act responsibly. Serious bugs should be fixed within a reasonable timescale.Such a repair timescale calls for organised vendors able to quickly deploy fixes, of course - and I wonder whether this is a dig at the likes of Microsoft who are often less timely to fix problems.
Whilst every bug is unique, we would suggest that 60 days is a reasonable upper bound for a genuinely critical issue in widely deployed software."