Google has taken an interesting, and in my view overdue, stance on what a responsible security flaw disclosure strategy should include. As both an IT security professional and a humanoid, protecting the end user as quickly and effectively as possible should be the shared goal of both security researchers and software makers.
Too often we've seen the waters muddied via subjective descriptors such as "responsible" that seem designed more to protect the software vendor's reputation and market share than to keep critical flaws from being exploited, causing harm to end users and corporations.
Google's approach is reasoned, fair, and transparent. Microsoft will hate it.
Google Online Security Blog: Rebooting Responsible Disclosure: a focus on protecting end users