A tussle has ensued between Microsoft and Google over the latter’s decision to make public, bugs associated with the former’s operating software. Google is reportedly implementing a new policy under its Project Zero project that prompts it to make public bugs that are not fixed within a 90 day period, from the day associated parties are notified.
Google opted to go forth and make the public the vulnerabilities much to the criticism of Microsoft which maintains the announcement only makes Windows users vulnerable to attacks, from hackers. Undeterred by the increasing criticism after making public flaws associated with Windows 8.1, Google yet again went forth and made public bugs associated with Windows 7.
Recently announced bugs reportedly allow attackers to impersonate users thereby gaining access to machines running on Windows 7 and Windows 8.1. Under the new project, Google searches the internet with a view of identifying vulnerabilities in apps, as well as communication services. Before making public the vulnerabilities, the giant search engine company is mandated to notify the associated firms which are required to fix the vulnerabilities with speed.
Google’s second disclosure was reportedly put to Microsoft’s attention on October 17, 2014 of which the giant software company was given 90 days to respond to the same. Microsoft is believed to have been angered by Google’s decision to make public the bugs just two days before it rolled over patches to the vulnerabilities
Microsoft’s senior director for security response, Chris Betz, has already slammed Google, terming its action as irresponsible as they had asked them not to go public as the fix was all but set to be released. Bret reiterates that what is right for Google in terms of making public the vulnerabilities might not all the time work to protect consumers. The director has urged the giant search engine company to make protection of customers its primary goal instead of leaving them vulnerable to attacks by going public.
