Google risks industry wrath over security disclosures

Google risks incurring the wrath of its competitors after announcing it will continue to disclose any security vulnerabilities that are not fixed within 90 days.

The search engine giant’s “Project Zero” identifies high-profile bugs with the aim of creating more secure products for customers everywhere. However, recently the scheme has been criticised as a way for Google to embarrass its technology rivals.

In January, Microsoft requested that Google not reveal a security bug, as it was due to be corrected in the upcoming “Patch Tuesday” release. However, Google refused to budge on its 90-day policy and disclosed the vulnerability anyway.

According to Business Insider, Microsoft’s security research group director Chris Betz was among those to criticise the search engine.

“The decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result,” he wrote in a blog post. “What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”

Similarly, Google revealed another Windows 8 security flaw just a few weeks prior to the Patch Tuesday release. The firm has also reportedly identified 43 potential vulnerabilities in Apple products and 39 involving Adobe software.

While some industry experts have praised Google’s strict policy, others have criticised the company as hypocritical. Despite the extensive database of errors identified by Project Zero, there is not a single flaw listed involving Google products.

Moreover, Google previously refused to patch a major Android vulnerability, arguing that consumers should instead simply update to the latest version of the operating system to counter the threat.

Although watching technology giants take lumps out of each other in public is perhaps not the most dignified spectacle, Google’s monitoring of the security landscape is likely to prove beneficial in the long run for consumers. Late last year, it was revealed that PayPal took 18 months to patch a security bug, something that is unlikely to occur under Google’s watchful gaze.