“Google Inc. has given fellow tech companies an ultimatum: patch your software vulnerabilities within 90 days or we’ll make them public,” Chris Strohm and Jordan Robertson report for Bloomberg. “An elite team of Google hackers and programmers scrub their own and competitors’ software for security flaws, giving companies a deadline to issue a fix. Google says it wants software makers to move fast because cybercriminals act with lightning speed when they spot bugs.”
“It’s a sensitive topic — rivals Microsoft Corp. and Apple Inc. declined to talk about the tactic — though others in the industry say the help isn’t always welcome, usurps a role best left to government and can jeopardize security,” Strohm and Robertson report. “‘I’m not sure who made Google the official referee of the marketplace for vulnerability notification,’ said John Dickson, a principal with software security company Denim Group Ltd. in San Antonio. He said pressuring companies to fix flaws is a good idea, but ‘what noble motives they had in mind could be called into question given the fact that they essentially outed vulnerabilities for two of their biggest rivals.'”
“Apple declined to comment while Microsoft would only refer to a previous statement in which it said Google’s tactics felt like a game of ‘gotcha,’ illustrating [the divisiveness of the issue],” Strohm and Robertson report. “In January, Apple pleaded with Google to wait about a week before going public so it could fix three flaws in the Mac OS X operating system, according to a person familiar with the request who wasn’t authorized to speak publicly. Google knew the fix was coming and had possession of the updated software because it serves as a developer for Apple, the person said. Regardless, Google refused and released details of the flaws.”
Read more in the full article here.
MacDailyNews Take: People who wear Google Glasses shouldn’t throw stones.