“Google Inc. has given fellow tech companies an ultimatum: patch your software vulnerabilities within 90 days or we’ll make them public,” Chris Strohm and Jordan Robertson report for Bloomberg. “An elite team of Google hackers and programmers scrub their own and competitors’ software for security flaws, giving companies a deadline to issue a fix. Google says it wants software makers to move fast because cybercriminals act with lightning speed when they spot bugs.”
“It’s a sensitive topic — rivals Microsoft Corp. and Apple Inc. declined to talk about the tactic — though others in the industry say the help isn’t always welcome, usurps a role best left to government and can jeopardize security,” Strohm and Robertson report. “‘I’m not sure who made Google the official referee of the marketplace for vulnerability notification,’ said John Dickson, a principal with software security company Denim Group Ltd. in San Antonio. He said pressuring companies to fix flaws is a good idea, but ‘what noble motives they had in mind could be called into question given the fact that they essentially outed vulnerabilities for two of their biggest rivals.'”
“Apple declined to comment while Microsoft would only refer to a previous statement in which it said Google’s tactics felt like a game of ‘gotcha,’ illustrating [the divisiveness of the issue],” Strohm and Robertson report. “In January, Apple pleaded with Google to wait about a week before going public so it could fix three flaws in the Mac OS X operating system, according to a person familiar with the request who wasn’t authorized to speak publicly. Google knew the fix was coming and had possession of the updated software because it serves as a developer for Apple, the person said. Regardless, Google refused and released details of the flaws.”
Read more in the full article here.
MacDailyNews Take: People who wear Google Glasses shouldn’t throw stones.
Smacks of extortion, sez me.
Perhaps a joint-drafted letter from the Apple and Microsoft legal departments is in order . . .
Instead of focusing Google software engineers towards finding Apple and Microsoft software bugs, why not repurpose these significant Google tech assets towards finding and squashing Google software bugs.
Makes sense to me.
Niffy
This 90 days before disclosure is NOTHING NEW. Google isn’t pulling any punches here.
EXCEPT: Mind your own security problems Google! Your Android security glass house is IN RUINS. DUH!!!
I have to say that Google can be incredible rectal pores. Of course we easily interpret their rather beneficial attention to OTHER PEOPLE’S security problems as just Google taking a dump on their heads. Now if only Google would notice the dumps they consistently take on THEIR OWN heads. They reek.
💩💩💩💩💩
💩💩💩💩💩
💩💩💩💩💩
💩💩💩💩💩
💩💩💩💩💩
💩💩💩💩💩 <–Time to clean up your own messes Google!
Google is going to feel the hurt sooner than u think !
Its coming ERICK MOLE SCHIDT !
I would suspect most of these security vulnerabilities are a result of Googles software.
Want to let GOOG know how you feel about this dubious practice, stop using Chrome, Gmail, their search portal, and anything else where they generate ad revenue. They’ll get the message.
I AGREE. I always have the sense of “big brother’ watching. So much for ‘DO NO EVIL’ They have become evil.