posted by Thom Holwerda on Mon 19th Jan 2015 12:24 UTC, submitted by Alfman
Icon

Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought.

Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix.

First, this article makes the usual mistake of calling these vulnerabilities "zero day". They are not zero day. They are 90 day. A huge difference that changes the entire context of the story. Microsoft gets 90 days - three months - to address these issues. I do not see why Google has to account for Microsoft's inflexible security policies which leave users in the lurch.

Second, note that Google also disclosed two OS X vulnerabilities alongside the Windows one. Nobody seems to be talking about those.

Third, Google, how about addressing your own security problems.


e p (1)    46 Comment(s)

Technology White Papers

See More