TechSpot

Microsoft claims Google's software bug disclosure does a "disservice" to users

By Justin Kahn
Jan 12, 2015
  1. Google and Microsoft are at odds over the search giant's Project Zero, which prides itself on offering companies advanced warning in order to fix software issues before being sent out to the public. Google's program is said to offer companies...

     
  2. Cycloid Torus

    Cycloid Torus TS Evangelist Posts: 1,665   +312

    Google gets 5 minutes in the penalty box for crowding the foul line. Microsoft gets 10 minutes in the penalty box for failing to get its team on the field.
     
  3. Win7Dev

    Win7Dev TS Evangelist Posts: 567   +174

    So maybe Microsoft should start fixing their stuff faster. I don't see any problem; 90 days is an eternity for security professionals.
     
  4. SourDo

    SourDo TS Rookie

    90 days' notice gives Microsoft at least two "patch Tuesdays" to include a fix into Windows Update. And if they're unable to get a fix in time for the second opportunity, they could choose to issue an "out-of-band" Windows Update before the 90 day limit. I've seen a lot of out-of-band updates in recent months from Windows Update. So wouldn't the security vulnerability referenced in this article be important enough to have deserved an out-of-band Windows Update? It seems that Microsoft is doing as much a disservice as Google is by letting a vulnerability that was reported to them remain unpatched for so long.
     
  5. Uncle Al

    Uncle Al TS Evangelist Posts: 1,682   +788

    WOW .... talk about the pot calling the kettle black ... of course, in this case the pot and kettle are completely interchangeable with one raping my wallet while the other simply sells my soul to the devil. Decisions, decisions, decisions ......
     
  6. Puiu

    Puiu TS Evangelist Posts: 1,915   +537

    They need the 90 days or else tech companies will not fix them in a reasonable time frame.
     
  7. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,518   +506

    You do realize it's not just a matter of "here, it's done", if the bug was there first it was for some reason, probably a functionality that someone else found how to take advantage of, so they not only have to address the issue, they have to do it without disabling the actual useful part, and all of that without breaking code somewhere else, since it's... the operating system and not just some software you install/uninstall, so yeah, I don't think those are the 24 hours fixes you can just put out there.
     
    Teko03 and treeski like this.
  8. dgoodchild

    dgoodchild TS Member

    From the article:
    "Chris Betz, the senior director at Microsoft’s Security Response Center, said in a blog post that the company believes full disclosure of a vulnerability ahead of a fix becoming "broadly available" is doing a "disservice" to millions of users and the systems they use on a daily basis."

    If disclosing the vulnerability is doing a disservice to users I wonder what Mr. Betz calls knowing about the vulnerability and taking more than three months to fix it.
     
  9. treeski

    treeski TS Evangelist Posts: 962   +205

    Most of the commenters here clearly don't know how complicated some fixes can be. Along with critical and time-consuming QA testing, getting a patch ready can take a long time. It's good that Google "threatens" companies with revealing vulnerabilities, but there is no reason they can't be flexible and wait two days.
     
    Last edited: Jan 13, 2015
    cliffordcooley and Teko03 like this.
  10. tipstir

    tipstir TS Ambassador Posts: 2,393   +108

    I had developed and introduced a software title called FAST RETURN for all versions OS back in 1991 to 1998, by 1998 Microsoft was interested in it. So once I had met one of the Vice Presidents for East Coast from Microsoft in 1998.

    MS VP had told me I could make Million with my software that allowed users who got BSD in Windows to recover quick without doing a reboot! He said Microsoft was coming out with a better OS that you don't need to use my software. Boy was he completely wrong on that statement.

    But he had also told me what Microsoft's objective was, that all versions of the OS (Client & Server) are beta tested by the customers. So meaning all these software releases are pretty much as-is! Google is not better than Microsoft. They'll never fix the issues just patch it. Google doesn't patch it they just release another version of their Android.

    They both have technical problems (another word bugs, glitches and etc.). All the online gaming suffers from this too. They don't put in the people hours to debug like I do. It can be done. But for some odd reason they don't seem like it should be. It all boils down to profits. If you have Client OS and Server OS running 100% no technical problems whatsoever.

    Why would you change it for Client OS and Server OS that's not 100%. How is Microsoft going to get more profits coming in unless they release a buggy OS. They patch it up a couple of times then release a new Client OS and Server OS that you have to pay for! (Note this doesn't affect Windows Smart Phone which the Cell OS next version is a free push by the cellular carriers.)
     
    cliffordcooley likes this.
  11. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,518   +506

    I didn't get your actual point. Read it twice, but didn't get the point of all that... are you asking a question, making a statement or just rambling?? O_o
     
    gingerbill likes this.
  12. Collekt

    Collekt TS Rookie

    Please stop with the nonsense conspiracy about them purposely leaving bugs in the OS. The main selling point for a new OS is the addition of new features and capabilities. I don't upgrade to the newest version of Windows on my home PC for bug fixes. I do it because I want the new capabilities. Not to mention the fact that computer companies are going to ship with the latest version of Windows regardless. This applies even more so to Windows Server OS. I upgrade my servers for the new functionality of the latest server OS (also possibly for compatibility reasons, depending on your timeline), not because I hope it's going to fix a few bugs.
     
    gingerbill likes this.
  13. tipstir

    tipstir TS Ambassador Posts: 2,393   +108

    I've been a Windows programmer since 1991. I'm telling you from experience. OS is always going to be AS-IS the customer is the beta tester that came out of the MS VP back then. Google does the same with Android OS and Chrome OS. I also program in Android OS since 2010. I change the ROM code to improve on tablet. So I see what's going on there. All Microsoft had to do is not rush out the OS to the market. Bugs can be fixed, there is a debugging process but it takes a lot of people to run through the code. Not going to be 100%.
     
  14. "Google does the same with Android OS and Chrome OS. I also program in Android OS since 2010."

    Ah! But Google doesn't charge for its OS and also its OS is open-source so if you REALLY want to mess with it for personal use, you can download it, modify it and recompile it and then install it if you really want to.

    Not so with M$. They are ONLY about making $$ and hooking users and businesses into their marketing monopoly.

    The ONLY thing that I use Windows for is games, and that's only because the games I like to play (The Old Republic, DC Universe Online, Diablo III) are Windows-only games (though since the first two are free-to-play, why they don't open source the game client is beyond me!) and the performance hit I would get running them in either Wine (If you can get them to run!) or in a VM, is too high. That's slowly changing with Steam moving to Linux.

    But I digress. I will NEVER run another version of Windows other than Windows 7 simply because Win 7 meets all my gaming needs and I use Linux for everything else. The version I use is "Kubuntu", Ubuntu with the K Desktop Environment (KDE). I have yet to be sorry for using Kubuntu. I've been nothing but sorry using Windows over the years and poorer for it to boot!
     
