Google researcher publishes unpatched Windows 8.1 security vulnerability

noone_particular · Jan 24, 2015

I hope that was sarcastic. They should spend the money fixing and improving their own product. What a business model, exploiting user data and using the profits to attack competitors.

Minimalist · Jan 24, 2015

IDK if Microsoft and Apple had to agree with Google testing their products? I guess that Google should get their permission or follow responsible disclosure for bugs they find.

As described here: http://en.wikipedia.org/wiki/Responsible_disclosure

To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and preventing any future damage. Depending on the potential impact of the vulnerability, the expected time needed for an emergency fix or workaround to be developed and applied and other factors, this period may vary between a few days and several months.
Click to expand...

Minimalist · Feb 4, 2015

3 Disturbing New Trends in Vulnerability Disclosure

Who's winning and who's losing the battle of the bugs? While security pros and software companies fight amongst themselves, it looks like black hats are winning and users are losing.
Click to expand...

http://www.darkreading.com/3-disturbing-new-trends-in-vulnerability-disclosure/d/d-id/1318925

Minimalist · Feb 13, 2015

Feedback and data-driven updates to Google’s disclosure policy

Disclosure deadlines have long been an industry standard practice. They improve end-user security by getting security patches to users faster. As noted in CERT’s 45-day disclosure policy, they also “balance the need of the public to be informed of security vulnerabilities with vendors' need for time to respond effectively”. Yahoo!’s 90-day policy notes that “Time is of the essence when we discover these types of issues: the more quickly we address the risks, the less harm an attack can cause”. ZDI’s 120-day policy notes that releasing vulnerability details can “enable the defensive community to protect the user”.
Click to expand...

http://googleprojectzero.blogspot.com/2015/02/feedback-and-data-driven-updates-to.html

Log in or Sign up

Google researcher publishes unpatched Windows 8.1 security vulnerability

noone_particular Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Log in or Sign up

Google researcher publishes unpatched Windows 8.1 security vulnerability

noone_particular Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Useful Searches