Google has dismissed the security statistics cited by IT services giant IBM and has challenged the accuracy of the report.
According to Dark Reading, the Mountain-View, California-based search engine giant claimed that facts stated by IBM regarding its inability to patch maximum number of highly critical flaws, are wrong and inaccurate.
X-Force 2010 Mid-Year Trend and Risk Report released by IBM last week states that Google tops the list of software vendors with 33 percent of critical and dangerous flaws found in its services that went unpatched in the first half of 2010.
"We questioned a number of surprising findings concerning Google's vulnerability rate and response record, and after discussions with IBM, we discovered a number of errors that had important implications for the report's conclusions,” wrote Adam Mien, Google’s security program manager on company blog.
Tom Cross, manager of X-Force unit at Big Blue has acknowledged the mistake and a revised report will be available shortly; he added that "As a consequence of this feedback, we have manually reassessed the CVSS scoring, remedy information, and vendor information for every vulnerability that impacted the percentages that appear in this chart"