Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google discloses unpatched Windows vulnerability

Grant Gross | Jan. 5, 2015
A Google researcher has disclosed an unpatched vulnerability in Windows 8.1 after Microsoft didn't fix the problem within a 90-day window Google gave its competitor.

Google, in a statement published on Engadget, defended the release of the vulnerability information.

Google's 90-day deadline for fixing bug is "the result of many years of careful consideration and industry-wide discussions about vulnerability remediation," the company said. "Security researchers have been using roughly the same disclosure principles for the past 13 years ... and we think that our disclosure principles need to evolve with the changing infosec ecosystem. In other words, as threats change, so should our disclosure policy."

Google will monitor the effects of its policy closely, the company added. "We want our decisions here to be data driven, and we're constantly seeking improvements that will benefit user security," the company added. "We're happy to say that initial results have shown that the majority of the bugs that we have reported under the disclosure deadline get fixed under deadline, which is a testament to the hard work of the vendors."


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.