/>
X
Business

Google gives 60-day deadline for bug disclosure

Google has called for software makers to adopt a 60-day deadline for patching critical flaws, warning that it will disclose the bugs if they are not fixed in time.
Written by Jack Clark, Contributor on

Google has called for software makers to adopt a 60-day deadline for patching critical flaws, warning that it will disclose the bugs if they are not fixed in time.

In a blog post on Tuesday, the team argued that it is not always in the best interests of end-users for researchers to follow a policy of "responsible disclosure". Under this policy, flaws are privately reported to vendors, and the researcher waits until the hole is patched before going public with details."We've seen an increase in vendors invoking the principles of 'responsible' disclosure to delay fixing vulnerabilities indefinitely, sometimes for years; in that timeframe, these flaws are often rediscovered and used by rogue parties using the same tools and methodologies used by ethical researchers," the team wrote on the Google Online Security Blog.

One of the signatories of the post was Google employee Tavis Ormandy, who attracted criticism in June for not following Google's earlier guidelines on responsible disclosure. Ormandy reported a major security vulnerability in Windows XP to Microsoft, then five days later published an analysis of the flaw and proof-of-concept attack code on a security research mailing list.

For more on this story, read Google gives vendors 60 days to fix critical flaws on ZDNet UK.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

Apple names the 16 best apps and games of 2022, with BeReal taking top honors
App Store icon

Apple names the 16 best apps and games of 2022, with BeReal taking top honors

Don't miss the 98 best Cyber Monday deals still available now
Large white Cyber Monday text with electronics behind it

Don't miss the 98 best Cyber Monday deals still available now