While they share many common causes, the world’s largest tech companies are not above taking veiled and not-so-veiled potshots at each other, as the latest sniping between Google and Microsoft illustrates.
Earlier this month, a researcher with Google’s Project Zero security team posted an extensive analysis of a Windows software bug, along the way criticizing Microsoft’s policy of being slow to release patches for older versions of its operating system. This week, Microsoft fired back by publishing details about a Chrome Web browser vulnerability, and then taking Google to task for disclosing details about the flaw before pushing out a fix to end users.
Technology companies generally adhere to a process known as coordinated vulnerability disclosure, in which vendors are first notified about hardware or software flaws ahead of a public release of information. This is aimed at giving companies time to develop and release patches before details about vulnerabilities become widely available to the public as well as to hackers.
More than four years ago, however, Google said it would release public details about some bugs more quickly, so that end users could adopt fixes if vendors didn’t address critical vulnerabilities within seven days. That decision prompted accusations from Microsoft that Google was increasing, rather than reducing, potential security risks to customers.
‘Problematic’ Vulnerability Disclosures
Using the handle “msft-mmpc,” the unnamed Microsoft author also noted that Google’s method for dealing with Chrome bugs…