Googler criticized for disclosing Windows-related flaw
Source: CNET - Posted by Anthony Pell   
Microsoft and outside security researchers accused a Google engineer of failing to follow the responsible disclosure etiquette his own company promotes by disclosing a Windows XP-related flaw on Thursday, publishing code to exploit it and giving Microsoft only five days to fix it. Tavis Ormandy informed Microsoft about the vulnerability--located in the online Windows Help and Support Center feature that offers customers technical support--on Saturday. He then announced details of the hole and offered proof-of-concept attack code in a post to the Full Disclosure security e-mail list on Thursday.

"I would like to point out that if I had reported (the issue) without a working exploit, I would have been ignored," he wrote, before saying that he was operating on his own and not on Google's behalf. "This document contains my own opinions. I do not speak for or represent anyone but myself."

But Microsoft said that releasing the exploit and going public with the flaw before Microsoft had a chance to patch it was irresponsible and puts millions of computer users at risk.

"Responsible disclosure protects the computer ecosystem and individual computer users from harm," Microsoft's Jerry Bryant wrote in a Microsoft Security Response Center (MSRC) blog post.

Read this full article at CNET
