Microsoft spanks Google for announcing vulnerabilities before a fix

[OK maybe not spanked.]

Chris Betz, Senior Director, MSRC, Trustworthy Computing at Microsoft, decided enough was enough and, in a recent blog post, ripped into Google for announcing a vulnerability that affects at least some versions of Windows.

In it, he spanked Google for announcing the vulnerability just days prior to Microsoft releasing an update to correct the problem. Microsoft asked Google to hold off on announcing the vulnerability until today [January 13] but Google went ahead and announced the vulnerability.

Now that the details of the vulnerability are public, those who use this information could exploit the vulnerability if they act fast.

Remember that while the January updates are released on January 13, it may take days and in some cases even weeks before they are applied to the vulnerable computers. This gives the exploiters a head start.

I am unsure what Google would accomplish by releasing the information early, except maybe to rub it in against an arch rival.

Google seems to be the only major company that goes out of its way to “attack” another company publicly. You don’t see Adobe announcing a problem with OS X before Apple could fix the problem [or vice versa].

Mr. Betz says that it is Microsoft’s policy not to disclose a vulnerability in another company’s product until that company has had the time to release an update. I agree with this policy.

I could imagine what Google’s reaction would be if Microsoft played the tit-for-tat game and went after Google’s most vulnerable products – Chrome browser or the Android OS [probably not hard to find something!]. Microsoft would have a field day. Google wouldn’t be too happy.


