Google’s corporate mantra has long been “Don’t be Evil.” However, some in the security community may have taken issue with Google’s policy on disclosing zero-day security vulnerabilities, finding it inflexible, if not evil.
Google’s zero-day disclosures came from its Project Zero research effort, which came to light in July of 2014. Project Zero’s policy stated that it would publicly disclose any security vulnerabilities it found 90 days after making an initial report to impacted vendors. The policy has created friction with multiple vendors, including Microsoft.
Google has disclosed multiple zero-day issues with Microsoft technologies so far in 2015. In one case, Google publicly disclosed a zero-day flaw on Jan. 11 that was patched two days later as part of Microsoft’s regularly scheduled January Patch Tuesday update.
Read the Full Article: Source – eSecurity Planet