"They introduced a grace period of two weeks," he said. "If a patch has a planned release date in the next two weeks, they will not disclose, they will wait. The listened to the security industry, and they fixed the issue."
Google received criticism earlier this year for disclosing a Microsoft vulnerability, and sample exploit code, exactly ninety days after they had notified Microsoft about the problem -- even though Microsoft was just about to release a patch.
Sign up for CIO Asia eNewsletters.