Microsoft is calling foul after Google publicly posted the details of a Windows 8.1 vulnerability — a move the software giant says left its customers susceptible to attack.
Google posted details of the flaw on its bug reporting site before Microsoft could issue a patch to fix the problem. And now Microsoft is calling Google out for its actions, intimating the technology titan’s attempt to embarrass Microsoft was irresponsible.
Microsoft senior director of research Chris Betz said his firm asked Google to keep a lid on the information until Jan. 13, the date that Microsoft would have a patch available.
“Google has released information about a vulnerability in a Microsoft product, two days before our planned fix on our well known and co-ordinated Patch Tuesday cadence, despite our request that they avoid doing so,” Betz said in a blog post.
“Specifically, we asked Google to work with us to protect customers by withholding details until Tuesday, Jan. 13, when we will be releasing a fix. Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
Betz said Microsoft believes “co-ordinated disclosure” is the best way to reduce risk to customers.
“We believe those who fully disclose a vulnerability before a fix is broadly available are doing a disservice to millions of people and the systems they depend upon,” Betz continued in his tongue-lashing of Google.
“Other companies and individuals believe that full disclosure is necessary because it forces customers to defend themselves, even though the vast majority take no action, being largely reliant on a software provider to release a security update. Even for those able to take preparatory steps, risk is significantly increased by publicly announcing information that a cyber-criminal could use to orchestrate an attack and assumes those that would take action are made aware of the issue.”
The issue was debated on Google’s bug reporting site with the sides appearing to be evenly split.
Samplings from the pro-Google camp:
Those siding with Microsoft:
The issue is also being debated on Twitter:
Betz, in his blog post, issued a call for all companies and researchers to work together for the good of the customer.
“We ask that researchers privately disclose vulnerabilities to software providers, working with them until a fix is made available before sharing any details publicly,” he wrote. “It is in that partnership that customers benefit the most.”
Betz added that asking for such a partnership is not “in any way an abdication of responsibility,” adding it is the company’s job to “build the best possible software that we can, and to protect it continuously to the very best of our ability.”
Is Microsoft right to expect researchers and companies to work together, or was Google in the right to expose the flaw when it did? We want to hear from you in the comments below.
Post from: SiteProNews: Webmaster News & Resources
Microsoft Chastises Google for Reporting Windows Flaw
Jennifer Cowan is the Managing Editor for SiteProNews.