...it's Windows users who are feeling the pain after Google publicly posted the details of a Windows 8.1 flaw before Microsoft could fix it. In a public response to the disclosure, Microsoft's security chief Chris Betz says that Google's decision to publish and be damned before his company's scheduled patch was less about "principles" and more about getting one over on its rival.
In terms of the software industry at large and each player’s responsibility, we believe in Coordinated Vulnerability Disclosure (CVD). This is a topic that the security technology profession has debated for years. Ultimately, vulnerability collaboration between researchers and vendors is about limiting the field of opportunity so customers and their data are better protected against cyberattacks.
better coordinated system for vulnerability disclosure [blogs.technet.com]
We believe those who fully disclose a vulnerability before a fix is broadly available are doing a disservice to millions of people and the systems they depend upon.
Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.