Google Project Zero = Zero fucks given


Via BBC News:

Google’s Project Zero seeks to find bugs in popular software and then give the manufacturers responsible 90 days to fix the problem.

This bug, which affects Windows 8.1, was revealed by Google to Microsoft on 13 October 2014.

On 11 January, Google publicised the flaw. Microsoft said it had requested that Google wait until it released a patch on 13 January.

Read Chris Betz’ full post on Microsoft’s approach to vulnerability disclosure:

Microsoft has long believed coordinated disclosure is the right approach and minimizes risk to customers. We believe those who fully disclose a vulnerability before a fix is broadly available are doing a disservice to millions of people and the systems they depend upon.

Kinda hard not to agree with Microsoft on this one, and difficult to understand why Google stuck so rigorously to their 90-day mandate. But people are definitely divided on it.

UPDATE: And Google has done it again. And yet they refuse to fix their own bugs. Crazy.


By Craig Bailey