Google, in a statement published on Engadget, defended the release of the vulnerability information.
Google's 90-day deadline for fixing bug is "the result of many years of careful consideration and industry-wide discussions about vulnerability remediation," the company said. "Security researchers have been using roughly the same disclosure principles for the past 13 years ... and we think that our disclosure principles need to evolve with the changing infosec ecosystem. In other words, as threats change, so should our disclosure policy."
Google will monitor the effects of its policy closely, the company added. "We want our decisions here to be data driven, and we're constantly seeking improvements that will benefit user security," the company added. "We're happy to say that initial results have shown that the majority of the bugs that we have reported under the disclosure deadline get fixed under deadline, which is a testament to the hard work of the vendors."
Sign up for CIO Asia eNewsletters.