CHINA TOPIX

12/22/2024 06:50:09 pm

Make CT Your Homepage

Microsoft Not Happy With Google's Early Vulnerability Disclosure

Google has recently disclosed a vulnerability on Microsoft's Windows system, two days before Microsoft was reportedly going to patch the vulnerability.

Although the Google announcement fit with its own timeline on vulnerability updates, senior director of MSRC Chris Betz claims Google only announced the vulnerability early to harm Microsoft's reputation.

Like Us on Facebook

In a blog post, Betz claims Microsoft knew and had already fixed the vulnerability, and asked Google to stay quiet about the issue until January 13, when Microsoft would roll out its 'Patch Tuesday' fix for Windows.

Microsoft says the Coordinated Vulnerability Disclosure (CVD) is the smartest way to notify companies of vulnerabilities, without having to disclose the vulnerability to the internet.

However, Google is currently focused on making sure all systems are secure, and does not abide by the CVD, instead updating its vulnerability awareness as soon as possible.

Even though the two day vulnerability could have harmed users, it shows Google is not ready to work with other companies and slow down the procedure. By outing the vulnerability, it potentially gets fixed quicker, and better yet users know there is a vulnerability on the service.

Microsoft has changed its mantra regarding bugs and vulnerabilities over the years, previously focusing on alerting users as quick as possible, regardless of potential effects.

In the past few years however, Microsoft has adopted slowness over caution, and the adoption of CVD shows the company is not longer in a place of announcing vulnerabilities early to other tech company's services.

Google has invested in a full team to work on vulnerabilities to web services and popular platforms, in 2014 the team found a Heartbleed bug affecting 2/3 of SSL certificates, deemed one of the largest web vulnerabilities in recent history.

Real Time Analytics