Wednesday, November 2, 2016
Google has unveiled a critical security bug in Windows just 10 days after informing Microsoft, and Microsoft is not too happy about it.
Microsoft says that disclosing such vulnerabilities puts users at risk, but Google says users were already at risk, since this same flaw is being used in attacks occurring right now. Google also says it has already fixed Chrome so that it is not vulnerable to this bug, and urges Microsoft to do the same in a timely manner.
In the past, the time before public disclosure of a security bug could run to months; but in 2013 Google's security team decided to shake things up and reduced it to just 7 days. Lots of companies say 7 days isn't enough to fix complex bugs (and truth be told, Google hadn't disclosed a flaw on such short notice till now).
But the point is... each and every day such a critical bug goes unfixed is one more day leaving hundreds of millions of users vulnerable to attack and, worse still, having no idea they're wide open to attack. In that sense, I think it's better to know that there's a bug that needs urgent fixing; and Microsoft (or any other) should do their best to fix it as quickly as possible.