Google to snitch on vulnerable products

Google has announced that it will give software vendors whose products are being actively exploited just seven days to issue a fix or an advisory that includes workarounds or other mitigation suggestions. After the week-long grace period, the company said it would make details of the flaw public in such a way as to allow users to protect their systems.

Prior to the announcement, Google gave vendors 60 days before going public. Google acknowledges that its new stance is “aggressive”, but maintains that one week is sufficient time to release risk mitigation advice. Google says it will abide by the same requirements to address bugs in its own products.

Google claims they what’s good for the gander is good for the goose. So they will fix flaws in the Chrome browser within 7 days? Ya. Right. That means we will see an updated browser version almost every week. Chrome browser was ranked [from what I read] as the #2 most vulnerable browser of 2012 [was #1 in 2011]. With sometimes more than a dozen vulnerabilities “corrected” with every new version, good luck to them!

Maybe they figure they can put the spotlight on their arch enemies [Microsoft and Apple] forgetting that their own products aren’t that immune to vulnerabilities.

A week is too short for any place to correct a problem. They need to figure out the problem, find a way to fix it, fix it and the test to make sure it works and doesn’t bugger up anything else.

Advertisements

About ebraiter
computer guy

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: