Sunday, February 15, 2015

Google Gives Apple, Microsoft 90 Days To Fix Security Flaws


Aside from being the master of diversification, Google apparently either cares a lot about global security across the board, or is merely looking for ways to get back at its competitors.
Apple Inc. and Microsoft Corporation , the consortium had been a pain in Google’s neck for a while, blocking key smartphone patents for the company. While those issues have quieted down, Google found another avenue to go by. Having formed the Project Zero in July, the newly formed team seems to target “zero day” security flaws in software that hackers can take advantage of before developers learn of them.

A Bloomberg report now reveals that Google Inc. has given Apple and Microsoft 90 days to fix the latest flaws that Google has discovered in their code. While some may argue that it is a scare tactic, it has to be noted that Google’s Project Zero has so far singled out 39 loopholes in Apple products, 37 in Adobe Systems Incorporated software, and 20 issues in Microsoft products. Similarly, it released the information to the public at large about the flaws before the companies could find a fix in time. Apple is a 16-time victim, Microsoft suffered on three occasions, and Adobe was subjected to this issue once.

Jake Kouns, chief information officer at Risk Based Security Systems Inc., revealed the above information to Bloomberg(report containing this stuff) in an interview. Mr. Kouns believes that if the companies cannot work together, it will have a negative impact on the industry as a whole. Tom Gorup, manager at Rock Securities Inc., told Bloomberg that he believes otherwise, voicing his view that the strict policy is good for the industry. Because these companies have considerably greater resources than your average computer hacker, better results can be achieved when these companies take a pot shot at rivals’ security measures.

John Dickson of Denim Group Ltd., a software security company, summed it up best when he stated: “I’m not sure who made Google the official referee of the marketplace for vulnerability notification.” He assumes that the “nobility” of this cause is compromised when the company testing for vulnerabilities actually reveals their findings to the public at large instead of to the companies that harbor such security loopholes.

references:

No comments:

Post a Comment