TechSpot

Google will make critical security exploits known after a week

By Dave LeClair
May 30, 2013
  1. Google and its team of security researchers are known for catching some of the biggest security exploits in other companies' products. Normally, the period for revealing a flaw to the general public is 60 days, which gives the affected company...

  2. highlander84

    highlander84 TS Booster Posts: 103   +24

    Hopefully it will motivate the other companies to issue fixes faster. Rather than sitting on their hands... I agree with Google on this. If they know there is a security flaw, who's to say that others haven't found it as well? So waiting 60 days could be more dangerous than announcing it publicly sooner.
     
    ReederOnTheRun likes this.
  3. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,492   +2,044

    How kind of Google to worry about someone else's software. Who worries about theirs? Certainly not M$ unless they're being paid.
     
  4. 9Nails

    9Nails TechSpot Paladin Posts: 1,212   +174

    I hope it doesn't lead to poorly tested patches. I get that the flaw is a problem, but it takes time to make a fix and test that the patch didn't break other sections of your code.
     
  5. Critica1Hit

    Critica1Hit TS Rookie Posts: 27

    Exactly.

    One thing though, how about two weeks, Google? Going from 60 days to 7 may be a little too aggressive.
     
  6. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,554   +2,897

    How else would they be able to send out consecutive patches? At least with the patching we fall under a false sense of thinking they are doing something. What would we think if they didn't have anything to patch?

    I guess you can tell I don't have any respect for a company that wants everyone around the globe paying them yearly. I tend to wonder where it all goes. And if I really knew, I'd probably be pissed instead of just disappointed.
     
  7. Jad Chaar

    Jad Chaar TS Evangelist Posts: 6,477   +965

    It will make stuff more secure. Nice job, Google.
     
    ReederOnTheRun likes this.
  8. ReederOnTheRun

    ReederOnTheRun TS Booster Posts: 304   +62

    I agree with Google on this one. I'm not sure it would be right to leave the users at risk for 60 days just because the other company didn't make their product right the first time or wants to put off fixing the security flaw. I think a smaller window will help push these companies to take those security flaws more seriously.

    Also, Google is basically doing their jobs by finding these security flaws for them; that makes it a bit more difficult to criticize them :p
     
  9. Chazz

    Chazz TS Evangelist Posts: 671   +73


    How do you figure? When that one company from Pwn2Own decided they didn't want to release the exploits that they took the time to figure out, Google threw a hissy fit and made their own competition. Either play by the rules or don't. Don't be a hypocrite.
     
  10. ReederOnTheRun

    ReederOnTheRun TS Booster Posts: 304   +62


    Actually, if Google was upset that they didn't release the exploits, then that would make Google a hypocrite only if they are NOT releasing the exploits. Since Google is now releasing them even faster, it is actually being the exact opposite of a hypocrite.

    And what are these "rules" you're talking about? Google is the one who found the exploits; the "rules" concerning the release of those exploits are whatever Google says they are.
     
