Sticking to its 90-day rule in disclosing known security vulnerabilities to the public as part of Project Zero, an initiative to help improve online security, Google announced a Windows 8.1 security flaw two days prior to Microsoft’s planned Patch Tuesday patch, angering Microsoft execs and putting the public at higher risk for security breaches for the two days before the patch was released.
Google vs. Microsoft: Who’s to Blame if Something Goes Wrong?
At first, it seems as if Google is the bad guy here, alerting not just the public but hackers as well to the two-day window of opportunity to exploit this vulnerability. Why not wait the extra two days and announce this flaw on day 92, when the patch to fix this issue is available, instead of day 90? Do two days really matter?
Then you think about Microsoft. Yes, the patch was scheduled to be released on its standard monthly Patch Tuesday, but why did it take 92 days to resolve this issue? Google did its part, notifying Microsoft privately of the issue and sticking to its 90-day plan. Microsoft argued the importance of “Coordinated Vulnerability Disclosure,” wherein Google would privately notify Microsoft of the security flaw and the two would work together, with Google announcing the flaw only once the fix has been published. That seems the responsible way to handle these issues, but this is not the first time Microsoft has missed Google’s 90-day deadline for fixing privately reported security flaws.
One thing is a given: security updates are coming all the time and missing one can make you vulnerable to attack. That’s why we recommend installing InstantRecovery on your systems (or InstantRescue at home) before a security breach. In case you miss Patch Tuesday – or Patch Tuesday results in system failure – you can reboot to a known state in less than 30 seconds, restoring selected data in its most recent state at the time of system failure. Save hours of time rebuilding systems. Learn more about InstantRecovery or download a free trial. Home users: Download a free trial of InstantRescue.
Whose side are you on: Google or Microsoft?