Earlier, Google revealed the existence of a “particularly serious” vulnerability in Windows 10, one that it had warned Microsoft about 10 days previously but had not been patched. Microsoft has now responded to the disclosure – made by Google’s Threat Analysis Group – and the company is not happy.
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google could put customers at potential risk,” Microsoft wrote in an e-mail to Computer World.
This is not the first time the companies have butted heads: Back in January 2015, Google revealed similar Windows vulnerability, which Microsoft implied was an attempt to publicly humiliate it.
“Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a ‘gotcha’, with the customers the ones who may suffer as a result,” the company wrote at the time.
The Google Threat Analysis Group has a policy of making such issues public seven days after privately warning the affected vendor: “Seven days is an aggressive timeline and may be too short for some vendors to update their products,” the Threat Analysis Group wrote back in 2013, “but it should be enough time to publish advice about possible mitigations”. In this case, the team gave Microsoft ten days to either issue a patch or warn its customers. It did neither.
“Feels like…” Microsoft is a touchy-feely company now ? Still with the agility of a snail.