Microsoft Chides Google For Disclosing Windows 8.1 Security Hole Issue
Microsoft has come criticized Google for making public its details about security vulnerability in Windows 8.1 48 hours before the software giant was scheduled to patch the bug, reports Geek Wire. Microsoft claimed that Google’s action was putting users at risk by rejecting its request to wait until the fix is released.
“Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result,” writes Chris Betz, senior director of the Microsoft Security Response Center, in a post last Sunday outlining the position of the Redmond company. “What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
The current standoff between both companies is a spotlight of debate in the security world over best practices for reporting and also fixing security holes. The need to protect users has not been more highlighted, with more pressure coming on Microsoft expedite a patch.
Giving us a hint of why vulnerability issues take time to solve, Microsoft described it as “complex, extensive and time-consuming process.”
“Responding to security vulnerabilities can be a complex, extensive and time-consuming process,” he writes. “As a software vendor this is an area in which we have years of experience. Some of the complexity in the timing discussion is rooted in the variety of environments that we as security professionals must consider: real world impact in customer environments, the number of supported platforms the issue exists in, and the complexity of the fix. Vulnerabilities are not all made equal nor according to a well-defined measure. And, an update to an online service can have different complexity and dependencies than a fix to a software product, decade old software platform on which tens of thousands have built applications, or hardware devices. Thoughtful collaboration takes these attributes into account.”
Was Google’s decision to go public with the Windows 8.1 vulnerability hole a decision taken in haste? As Microsoft pointed out in the post made public on its blog, resolving issues such as the one identified by Google could take sometimes; but time is of the essence when it has to do with security issues.
Google, according Geek Wire is yet to issue a response to Microsoft’s blog post; but we may not have to wait long to get one the way things have turned out.