Google and Microsoft are at odds over the search giant’s Project Zero, which prides itself on offering companies advanced warning in order to fix software issues before being sent out to the public. Google’s program is said to offer companies exactly 90 days for such vulnerabilities to be taken care of, and has recently published details regarding a problem with Windows 8.1 just days before going live.
While to some, Project Zero may seem like a simple reminder, or even helpful to the public, Microsoft doesn’t think so. The company claims to have told Google that it had a patch already scheduled to go with regards to the particular vulnerability in question and that customers may “suffer” as a result of Google’s disclosure.
Chris Betz, the senior director at Microsoft’s Security Response Center, said in a blog post that the company believes full disclosure of a vulnerability ahead of a fix becoming "broadly available" is doing a "disservice" to millions of users and the systems they use on a daily basis. Now the second time Google has published vulnerability data ahead of a Microsoft patch for Windows 8.1, Google was recently quoted as saying that its 90-day warning period is fair and that disclosure of this nature is “the optimal approach for user security.”