Google Advocates 7-Day Deadline For Vulnerability Disclosure
Trailrunner7 writes "Two security engineers for Google say the company will now support researchers publicizing details of critical vulnerabilities under active exploitation just seven days after they've alerted a company. That new grace period leaves vendors dramatically less time to create and test a patch than the previously recommended 60-day disclosure deadline for the most serious security flaws. The goal, write Chris Evans and Drew Hintz, is to prompt vendors to more quickly seal, or at least publicly react to, critical vulnerabilities and reduce the number of attacks that proliferate because of unprotected software."
Re:And when they get bitten in the ass? (Score:4, Funny)
What we call incompetent, newly minted MBA drones call efficiency optimization.
Re:Sounds like a huge risk (Score:5, Funny)
We're talking about actively exploited critical vulnerabilities. Fix the hole now! You can make it pretty later.
Yea, but I only do bugs once a month. On Tuesdays. I can't be bothered before then. Your problems may seem big, but I choose to do things my way, at my pace. Besides, my inaction helps support a large secondary market for security appliances, IT support personnel and the like. We jeopardize an entire sector of the economy by undermining these people.