Google to give devs more time to fix flaws before revealing them

WYP

News Guru
Google's "Project Zero" is a project designed to bolster internet security: if Google finds a security flaw, it gives the developer 90 days to fix it before going public. Now, after a public backlash from several developers, Google is extending the deadline.


Read more on Google's deadline extension for "Project Zero" here.
 
That's good, but 90 days is too long... depending on the breach or access.
If it was, say, PayPal allowing a peer to view all information, that should be instant.
Maybe not tell everyone right away, but say it must become public knowledge in 2 weeks, solved or not.
 
90 days is enough. Unleash the chaos. If that's what it takes for these tech companies to start behaving responsibly. Most people just ignore the fact that these giant tech companies are supposed to be among the most responsible companies in the world. Think about just how much of our sensitive data relies on their services. They absolutely must be held responsible for any and all security flaws or god-forbid hacks. If outing those security flaws urges them to fix their shit, then I fully support it.
 
And releasing said exploits into the wild before they are patched is a good thing? What if said issue is something so complex it can't be fixed in the full 90+14 days? Not to mention that not everyone will patch their computers come update time. By making an exploit public, you're giving everyone and their mum an idea of what the exploit is and how they can use it.

I don't want Script Kiddies effing with my stuff.

My biggest issue is the whole thing is coming from Google. Who still don't fix crap on Android and instead leave it to OEMs to fix it.
 
We all know you prefer iOS. No need to flame Android and start something. Google do a good job. It's hard to maintain pretty much the number one used search engine... also there are so many Android phones and variants it is also equally as difficult to fix bugs. Sure they could do better, but by no means do they "don't fix crap"... they actually try, hence this whole project.
 
http://arstechnica.com/security/2015/01/google-wont-fix-bug-hitting-60-percent-of-android-phones/
Oh boy, they sure do try. While I understand it would be up to the OEMs to push the update out to the individual phones once the patch is made by Google, they did actually fix one problem in the past, which was the Heartbleed bug. Instead they have left it to OEMs, who would rather you buy a new phone. Heck, I'll give Google credit, they did used to fix some issues with 4.3 and then left it to OEMs to send out the patches (which they didn't).
Would you want Asus, AMD et al. to be left in charge of Windows Update because Microsoft are too busy putting out the next version of Windows?

Google security research is a project aimed at other people, not really specifically (or much at all) Android.

Contrary to your belief, I actually prefer Windows Phone. Why? It's an example of a well-written OS that is secure but has customization and can support a decent range of hardware. It's a shame not many people have one, as it is pretty much everything a modern smartphone should be.

We could go back and forth and accuse each other of favoritism of certain companies all day anyway but this isn't the place.

-edit- Before I hear something about Android being open source and that because of that, it is somehow excluded from support, I suggest you look up what Linux does/is.
 
I think 60-90 days is reasonable. If the information becomes public or starts being exploited in the field then it might be a good idea to get the fix out quick.
 