Despite opposition, Google will make critical security exploits public after seven days


Google’s security researchers are well known for uncovering vulnerabilities in other people’s products. Standard operating procedure is to give the affected company sixty days before publishing the problem, keeping things under wraps until a fix can be shipped out. But when it comes to critical vulnerabilities that are actively being exploited, Google wants its researchers to cut that down to just a week. A post on its Online Security Blog explains the reasoning behind the seven-day guideline: “each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised.”

The change in policy comes two weeks after Google engineer Tavis Ormandy disclosed a publicly unknown…


The Verge – All Posts
