Google Inc (NASDAQ:GOOG) Gives Vendors 14-Day Window Before Publicizing Bugs

Google Inc (NASDAQ:GOOG) appears to have a new strategy in place, after the recent ‘bugs’ fiasco with Microsoft Corporation (NASDAQ:MSFT). Earlier the search-engine giant had a 90-day waiting period before it went public with vendor flaws. However the revised policy will now be a little more lenient with its disclosure time-frame.

In recent times, Google Inc and software blue-chip Microsoft Corporation (NASDAQ:MSFT) were up in arms over Project Zero bugs.

What is Project Zero?

Project Zero is a Google-backed based review and evaluation group of engineers from Google. Most of them are notable researchers, who review in-house Google Inc software, for security flaws, as well as that of other vendors.

Typically Google Inc’s security engineers ran a very stringent Clock-based repatch system. With 90-days from the time of detection of the bug, the vendor had to correct the flaw. If the time-line was not met, then the bug was exposed to the public domain, along with an attack sample program.

In its latest run, Google Inc (NASDAQ:GOOGL) security engineers at Project zero had set the clock-running on Dec 29, 2014 with a series of vulnerabilities in Microsoft’s signature software, Windows. However, Project Zero chose to reveal the flaw, 2 days before Microsoft was releasing a patch, on January 11 itself, despite requests that Jan 13, would see Microsoft engineers releasing patches.

Google Inc (NASDAQ:GOOGL) decision to run the vulnerability release despite requests by Microsoft has not been well received by the former. In fact, Microsoft alleges that Google Inc’s decision has actually led to customers suffering.

However, Google Inc does stand by its release as one of the oldest flaws reported to Microsoft was early as October 17 with January 15 begins the date of expiry to release the update. Project’s Zero’s bug tracker, telling reveals that Microsoft had chosen to soft-pedal the deadline by claiming ‘compatibility issues’ and posted fix dates to Feb 10, which had led to the vulnerability details being revealed.

The new 14-day window-period should be saving graces for many a giant vendor in the future!