Published On: Fri, Oct 20th, 2017

Microsoft and Google Duke It Out over Security Strategies

While they share many common causes, the world’s largest tech companies are not above taking veiled and not-so-veiled potshots at each other, as the latest sniping between Google and Microsoft illustrates.

Earlier this month, a researcher with Google’s Project Zero security team posted an extensive analysis of a Windows software bug, along the way criticizing Microsoft’s policy of being slow to release patches for older versions of its operating system. This week, Microsoft fired back by publishing details about a Chrome Web browser vulnerability, and then taking Google to task for disclosing details about the flaw before pushing out a fix to end users.

Technology companies generally adhere to a process known as coordinated vulnerability disclosure, in which vendors are first notified about hardware or software flaws ahead of a public release of information. This is aimed at giving companies time to develop and release patches before details about vulnerabilities become widely available to the public as well as to hackers.

More than four years ago, however, Google said it would release public details about some bugs more quickly so end users could adopt fixes if vendors didn’t fix critical vulnerabilities within seven days. That decision prompted accusations from Microsoft that Google was increasing, rather than reducing, potential security risks to customers.

‘Problematic’ Vulnerability Disclosures

In its latest dig at Google, Microsoft on Wednesday published a lengthy analysis of an Offensive Security Research (OSR) team investigation into possible vulnerabilities in Google’s Chrome Web browser. The analysis described the team’s discovery of a Chrome remote code execution vulnerability that could allow attackers to steal saved passwords, inject arbitrary JavaScript into Web pages, or navigate to other Web pages in the background using victims’ browsers.

Using the handle “msft-mmpc,” the unnamed Microsoft author also noted that Google’s method for dealing with Chrome bugs…
NewsFactor Network
