Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Chrome Security

Google Cuts Chrome 'Patch Gap' in Half, From 33 Days To 15 (zdnet.com) 10

Google security engineers said last week they have successfully cut down the "patch gap" in Google Chrome from 33 days to only 15 days. From a report: The term "patch gap" refers to the time it takes from when a security bug is fixed in an open source library to when the same fix lands in software that uses that particular library. In today's software landscape where many apps rely on open source components, the "patch gap" is considered a major security risk. The reason is because when a security bug is fixed in an open source library, details about that bug become public, primarily due to the public nature and openness of most open source projects. Hackers can then use details about these security flaws to craft exploits and launch attacks against software that relies on the vulnerable component, before the software maker has a chance to release a patch. If the software maker is on a fixed release schedule, with updates coming out every few weeks or months, the patch gap can provide hackers with an attack window that most software projects can't deal with.
This discussion has been archived. No new comments can be posted.

Google Cuts Chrome 'Patch Gap' in Half, From 33 Days To 15

Comments Filter:
  • Versions will be obsolete as the latest code changes are streamed real time in a “stadia for browsers” fashion. You think the 4-6 week update trains are fast now, just wait until every commit gets pushed instantly.
    • Already happening with Facebook, AWS, etc.
    • Granted updates in 2020 are much safer then they were in 2000, where every update was a gamble if your system would come back. Which is why enterprises still have a delayed update procedures in progress where they wait a while after the patch before applying it to the test network, then putting it into production.

      However I can see with real time updates, a case where a lot of system break all at once due to a bad patch. Even with all this testing a bad patch comes into play. Just recently Office 365 had

  • How's their pay gap [nytimes.com]? (And, no, they apparently do not generally pay men less [wired.com])

    Google said it shared the male pay gap in this instance because the results were counterintuitive. But the analysis arrives as Google faces an investigation by the US Department of Labor and a lawsuit by current and former female employees, both of which allege that Google discriminates systematically against women in pay and promotion.

  • by twocows ( 1216842 ) on Tuesday February 04, 2020 @01:14PM (#59689902)
    Firefox's patching schedule was copied from Chrome back when Chrome first started gaining popularity. I hated it then and I hate it now, which is why I use ESR.

    Now that Chrome's cutting their patching schedule in half, I have to wonder if Mozilla's going to do the same. I sure hope not.
  • don't it worry you that chrome is so bad, it now has to be patched every 15 days?

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...