> Even if patches were available, it would be far better to wait for most devices to be patched before releasing a full exploit.
The practice of a firm 90-day release schedule increases the probability that vendors will fix patches and take steps to assure that they are deployed to most devices within that period. But that only works if the practice is firm.
This is a great point. The article bemoaned Project Zero's rigid deadline as unreasonable, but I think you have it right - a known and standard deadline doesn't leave anyone surprised.
Yes, that is exactly what I am asking. I want ready-to-use exploits for vulnerabilities in major Android versions after 90 days from disclosure to Google from Project Zero.