Microsoft slams Google for making software flaws public
Google found the bug as part of its Project Zero initiative — which gives developers 90 days to fix problems before they are made public
Microsoft has criticised Google for making public a flaw in Windows, days before the problem was about to be fixed.
Google posted details of the problem in Windows 8.1 online in October, as part of its Project Zero plan to pressure firms into sorting out security problems. But Microsoft has said that Google’s policy of making the problem public endangered users.
“The decision feels less like principles and more like a ‘gotcha’, with customers the ones who may suffer as a result,” said Chris Betz, a senior director in Microsoft’s Security Response Center, in a long and sometimes angry blog post yesterday.
He said that Microsoft had asked Google to hold off on releasing details of the problem but that Google had released them anyway. Google waits 90 days before it releases the details, which it did on January 11, though Microsoft said it had asked Google to wait until January 13 when it plans to release a fix.
With Project Zero, Google seeks to find problems in software and notify the developers of them, to keep users from harm. But if manufacturers don’t fix them within the 90-day timeline, Google makes the bugs public to encourage developers to fix them.
But Betz said that such disclosure rules don’t always help users.
“Those in favor of full, public disclosure believe that this method pushes software vendors to fix vulnerabilities more quickly and makes customers develop and take actions to protect themselves,” he said. “We disagree.”