Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on January 12, 2015

Microsoft calls out Google for revealing details of bug just before it rolled out a fix


Microsoft calls out Google for revealing details of bug just before it rolled out a fix

Microsoft has strongly criticised Google for disclosing a serious bug in Windows 8.1, two days before it was due to issue a fix.

Google revealed the security flaw this weekend. It did so because the rules of Project Zero, its security research project, say it should make bugs public 90 days after it reports them to the company affected. Microsoft was notified about the issue in question on October 13th 2014.

Microsoft is annoyed because it had asked Google to hold off publishing details of the bug before it pushed a fixed on one of its regular Patch Tuesdays this week.

Chris Betz, Microsoft’s senior director for trustworthy computing, wrote that Google’s move “feels less like principles and more like a ‘gotcha’, with customers the one who may suffer as a result.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

He continues: “What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.” Microsoft has called for Google to sign up to its Coordinated Vulnerability Disclosure policy.

Google security researcher Ben Hawkes defended its 90-day disclosure policy after a previous Windows security flaw was revealed. He said that “disclosure deadlines are currently the optimal approach for user security – it allows software vendors a fair and reasonable length of time to exercise their vulnerability management process, while also respecting the rights of users to learn and understand the risks they face.”

It’s clear that Microsoft doesn’t agree. You can expect to see many more of these spats in the future.

➤ A Call for Better Coordinated Vulnerability Disclosure [Microsoft Security Response Center]

 

 

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top