Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don’t give a damn thought.
Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix.
First, this article makes the usual mistake of calling these vulnerabilities “zero day”. They are not zero day. They are 90 day. A huge difference that changes the entire context of the story. Microsoft gets 90 days – three months – to address these issues. I do not see why Google has to account for Microsoft’s inflexible security policies which leave users in the lurch.
Second, note that Google also disclosed two OS X vulnerabilities alongside the Windows one. Nobody seems to be talking about those.
Third, Google, how about addressing your own security problems.
Perhaps, a well known government agency needed more time to move their exploit tools to an other unknown exploitable vulnerability(/feature) ?