Google has been criticized by Microsoft after a security flaw was made public. The Windows flaw was publicized by Google when they posted details of a bug online. A patch to fix the security flaw was then released. Microsoft were angry about Google’s decision to draw attention to the bug, saying that it was putting users at risk.
The decision to publicize the bug was part of the search giant’s Project Zero initiative. The initiative is designed to coerce companies into fixing bugs and dealing with security issues quickly. Google have been criticized by various security experts including Graham Cluley, who said: “I feel sorry for the users, who could be impacted by Google’s schoolyard antics”.
Google are yet to respond to Microsoft’s criticism. The Project Zero initiative aims to find bugs in software and give manufacturer’s 90 days to resolve the problem. Google told Microsoft about the bug on 13 October 2014. Microsoft asked to be given until 13 January but the search giant went ahead and made the issue public two days before.
Microsoft’s Chris Betz said: “We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix.” He added: “Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a ‘gotcha’, with customers the ones who may suffer as a result.
Do you think Google were right to make the flaw public? Should they have given Microsoft the requested two days? Let us know below.
