Microsoft slams Google for making software flaws public
Google found the bug as part of its Project Zero initiative — which gives developers 90 days to fix problems before they are made public
Microsoft has criticised Google for making public a flaw in Windows, days before the problem was about to be fixed.
Google posted details of the problem in Windows 8.1 online in October, as part of its Project Zero plan to pressure firms into sorting out security problems. But Microsoft has said that Google’s policy of making the problem public endangered users.
“The decision feels less like principles and more like a ‘gotcha’, with customers the ones who may suffer as a result,” said Chris Betz, a senior director in Microsoft’s Security Response Center, in a long and sometimes angry blog post yesterday.
He said that Microsoft had asked Google to hold off on releasing details of the problem but that Google had released them anyway. Google waits 90 days before it releases the details, which it did on January 11, though Microsoft said it had asked Google to wait until January 13, when it plans to release a fix.
With Project Zero, Google seeks to find problems in software and notify the developers, to keep users from harm. But if manufacturers don’t fix a bug within the 90-day timeline, Google makes it public to encourage developers to fix it.
But Betz said that such disclosure rules don’t always help users.
“Those in favor of full, public disclosure believe that this method pushes software vendors to fix vulnerabilities more quickly and makes customers develop and take actions to protect themselves,” he said. “We disagree.”