All systems have vulnerabilities. This statement is true anywhere in the world. The big question is: what do big companies do to eliminate known vulnerabilities.
During the past year Google has found some vulnerabilities in Windows, reported to Microsoft and after some time, publicly disclosed the vulnerabilities.
This year history has repeated itself, Google has released yet another unpatched security flaw in Windows 8.1. Fault finding is part of the Project Zero that Google has been promoting in order to make the web more secure. In this project, a security team looks for security flaws and notifies the responsible company to make the correction. After that there is a 90-day deadline for correction. After that, a detailed public alert about the problem is issued.
The Google team has found a flaw that allows a limited account to access the system with administrator privileges.
In keeping with its schedule, Google notified the Microsoft about a vulnerability on October 13, 2014. After 90 days without the fix, Google released details of the vulnerability on Sunday (January 11).
Microsoft was outraged by Google's attitude, as the Microsoft security team would make the fix available on January 13, based on its program called “Patch Tuesday”, Which aims to make security updates available on the second Tuesday of each month.
Google has already defended itself, stating that the 90-day period is valid for all companies and all types of bugs, so it could not make an exception for Microsoft.
And who is right?
