Google gives 60-day deadline for bug disclosure
Google has called for software makers to adopt a 60-day deadline for patching critical flaws, warning that it will disclose the bugs if they are not fixed in time.
In a blog post on Tuesday, Google's security team argued that it is not always in the best interests of end-users for researchers to follow a policy of "responsible disclosure". Under this policy, flaws are privately reported to vendors, and the researcher waits until the hole is patched before going public with details. "We've seen an increase in vendors invoking the principles of 'responsible' disclosure to delay fixing vulnerabilities indefinitely, sometimes for years; in that timeframe, these flaws are often rediscovered and used by rogue parties using the same tools and methodologies used by ethical researchers," the team wrote on the Google Online Security Blog.
One of the signatories of the post was Google employee Tavis Ormandy, who attracted criticism in June for not following Google's earlier guidelines on responsible disclosure. Ormandy reported a major security vulnerability in Windows XP to Microsoft, then five days later published an analysis of the flaw and proof-of-concept attack code on a security research mailing list.
For more on this story, read "Google gives vendors 60 days to fix critical flaws" on ZDNet UK.
Talkback (8 comments)
So the frat of the lazy and incompetent wants to have all the time in the world?
All the time in the world to do nothing, 60 days is not enough, how responsible of them.
I wonder what they find wrong about showing some respect for their customers, the victims, starting to move their big fat asses and doing something of value for a change.
Go Google, Go Ormandy, put pressure on those lazy bastards, force them into action.
OS Reload, 21st Jul 2010
I agree with Google's official policy
@OS Reload
If Google's official policy is to disclose after 60 days or release of patch, I think that is fine. Google does too or they wouldn't have made the policy. What no one can figure out is why you say you will wait 60 days and then you disclose after 5. That isn't responsible disclosure even if we went by Google's definition.
NonZealot, 21st Jul 2010
Google "Do No Harm"???
So, disclosing competitors' bugs in 5 days... "Do harm to others" then...
Roque Mocan, 21st Jul 2010
Exactly what I was thinking
@Roque Mocan
Of course Google will keep their bugs under lock and key.
iPad-awan, 21st Jul 2010
Open Source, anyone?
@iPad-awan
You know what the expression "open source" means, don't you?
You also know that Google releases much of its software as open source, don't you?
OS Reload, 21st Jul 2010
RE: Google gives 60-day deadline for bug disclosure
So I guess this is it... SkyNet is officially starting to come online.
Oh yeah... Google is good... Google can do no wrong... Google is everyone's friend.
So now, Google starts to tell everyone what to do. Pretty soon, what we should or should not see on our computer screens (they track our every move and everything we like you know...).
I agree with one of the posters above: "their bugs will be kept under lock and key". Of course, unless the entire code base is released as open source. But I will bet the farm that their search algorithms won't be.
Wake up everyone, the likes of SkyNet and MCP are coming. Hell, they just told China what da hell to do... China!!!
iceman357, 21st Jul 2010
RE: Google gives 60-day deadline for bug disclosure
Who is Google to say when disclosures and patches should be available? This sounds like a way for them to protect Ormandy when they should have fired him. The software developers will determine when the patch is ready. As each day goes by I trust Google less and less.
Loverock Davidson, 22nd Jul 2010
What part of DO NO EVIL does this fall under?
What a bunch of rank beginners.
hubivedder, 24th Jul 2010