Monday, January 12, 2015
Google has a program to wipe out bugs in software. It is called Project Zero. The policy of the internet giant is to give companies 90 days to fix a vulnerability, and if the company has not done so, Google publicizes the flaw. Microsoft ran afoul of Project Zero with a Windows 8.1 bug that it failed to fix in the 90-day window. In fact, Microsoft was set to release a patch for the flaw just two days after the 90-day window shut. Microsoft is peeved at Google and is faulting it for a lack of cooperation. From a PR point of view, the clash comes from differing policies in how best to serve users. Google could have waited and Microsoft could have sped up distribution of the fix, but their approaches preclude that. Microsoft does corrections in batches. Google wants to push software companies to promptly repair code that can allow hackers to penetrate user systems. The two companies need to talk and come up with a joint communications policy. If they don't, it will happen again.