Home » Google » Google Advocates 7-Day Deadline For Vulnerability Disclosure

google

Two security engineers for Google say the company will now support researchers publicizing details of critical vulnerabilities under active exploitation just seven days after they’ve alerted a company.

That new grace period leaves vendors dramatically less time to create and test a patch than the previously recommended 60-day disclosure deadline for the most serious security flaws.

The goal, write Chris Evans and Drew Hintz, is to prompt vendors to more quickly seal, or at least publicly react to, critical vulnerabilities and reduce the number of attacks that proliferate because of unprotected software.

Vendors have long been criticized for using responsible disclosure to their advantage to delay issuing a fix as long as possible, sometimes even years. Only once a patch is issued does a researcher reveal details of the software flaw. Under the concept of full disclosure, both the company and the public are given details at the same time.

The 60-day notice was announced almost three years ago by a Google security team, which included Evans, as a compromise between full and responsible disclosures for critical vulnerabilities, particularly those that require complex coding to fix. But the regular appearance of zero-day exploits targeting unpatched software has prompted Google to reconsider that timeline.

Read Full Article

Comments

comments

Latest

What Should You Expect from a Prototyping Company?
Wonderful and useless features of mobile phones
cloud computing Top 4 Cloud Computing Trends to Look Out For
How to Pick the Best Cloud Hosting Service for Multiple WordPress Websites
Key Steps On How To Improve The Security Of Your Business Website

Follow Us

Visit Us On TwitterVisit Us On FacebookVisit Us On GooglePlusVisit Us On PinterestVisit Us On YoutubeCheck Our Feed

Join Premium

Enjoy All The Benefits Of Premium

  • Access To Premium Content Only Available To Members
  • Digital Copy Of My Book The Pangram Killer
  • Coupons for quality sites affiliated with us
  • Access To All Short Stories
  • Free Plug On Podcast
  • Get first notice and exclusive access to events and meetups
$19.99

Subscribe To The Technology Geek

Sponsors

Sponsors

Archives