Google and its team of security researchers are known for catching some of the biggest security exploits in other companies' products. Normally, the period before a flaw is revealed to the general public is 60 days, which gives the affected company enough time to fix the problem. However, Google has decided to change that policy and will instead start making such exploits known within a week.
This change only applies to critical vulnerabilities that are actively being exploited. Google says that each day such a vulnerability is unknown and unpatched, more computers are bound to be compromised.
The decision comes shortly after Google engineer Tavis Ormandy disclosed a publicly unknown vulnerability found in Windows 7 and Windows 8. In that case, the announcement was made only five days after Microsoft was informed of the bug, with Ormandy calling Microsoft's security team "difficult to work with."
Google finds bugs and vulnerabilities in software from many companies, but Redmond is certainly a frequent target. For example, in February Microsoft issued a huge patch, and in that case about half of the flaws fixed were discovered by the search giant's engineers.
Of course, this is a hotly contested issue. Google believes that a week is enough time to tell users about workarounds that mitigate the problem, even if not long enough to issue a proper patch. On the other side, opponents believe that reporting the bug before there is a fix puts hacking tools in the hands of malicious users.
While the move puts extra pressure on companies to fix critical flaws in their software, Google will keep the standard 60-day grace period for non-critical problems and for flaws that are not actively being exploited.