Microsoft is upset that Google has yet again disclosed a flaw in Windows 8.1 that was still unpatched at the time of disclosure. Google did give MS proper notification and a 90-day deadline to address the issue. Microsoft is upset that Google didn’t extend its (set in stone) 90-day deadline to allow Microsoft to release the patch within its normal patch window on what’s called “Patch Tuesday”.
I agree with the cutoff myself, especially if you look at it like this: Microsoft put out a product that has security issues in it, some of which have been there for years, undiscovered by Microsoft as it releases new versions of its OS, versions that often are still susceptible to the same flaws. Many of these flaws are brought to Microsoft’s attention by ethical outside sources, including Google. Unethical hackers may already know about these flaws and be using them for malicious purposes. It’s reported that our own NSA knew about Heartbleed, the SSL flaw, for years and kept it silent to exploit it.
So the question remains: how much time should a company have to patch a flaw from the time it is informed of it? Each day a fix is delayed is another day of possible exploitation of systems and data: security breaches, stolen data, pictures, passwords, credit card and financial info. So the question is… is 90 days long enough, or is it too long? Think of Sony, or iCloud, or any other data breach you’ve heard of in recent history. Then think: should MS be upset about the flaws being disclosed, or should they really be apologizing for not fixing them sooner?
Read Network World’s take on it at the link below.
Google discloses another unpatched Windows flaw, irritates Microsoft | Network World