Posted: Thu Jun 10, 2010 6:52 pm

Does Google Have a Double Standard on Full Disclosure?

Now here is an interesting development :)

Tavis Ormandy has set the cat among the “responsible disclosure” pigeons with the release of technical details of a zero-day vulnerability affecting the Microsoft Windows Help and Support Center without giving Microsoft adequate time to prepare a patch.


See, here’s the big problem. Either you are all about full disclosure (which is happening less and less these days), you use it only when you know the company won’t react otherwise or has all kinds of other hinky things they do behind your back (the same reason I advocate full disclosure against Google), or you use responsible disclosure. Google says it adheres to responsible disclosure, but at the same time they give Microsoft 5 days to fix their 0day that Google’s researchers themselves created!


http://threatpost.com/en_us/blogs/does-google-have-double-standard-full-disclosure-061010?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com