Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Google: Security flaws not fixed in a week should be made public

30 May 2013   #1
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 
Google: Security flaws not fixed in a week should be made public

Quote:
Google is pushing for a new "aggressive" response timeline for security vulnerabilities, where vendors would be given seven days to patch to the flaw, notify the public or disable affected products.

If researchers find a previously unseen critical flaw that is being used in real-world attacks, they will have Google's blessing to publish details about it seven days after alerting the affected vendor.

"Seven days is an aggressive timeline and may be too short for some vendors to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the vendor for more information," Google security engineers Chris Evans and Drew Hintz wrote.
Read more at source: Google: Security flaws not fixed in a week should be made public | ZDNet


My System SpecsSystem Spec
.

03 Jun 2013   #2
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I don't believe that many programs or operating systems can be patched that quickly but I do believe the public could and should be notified of such security flaws that quickly.
I don't know how to write patches for programs or operating system but I would like to have the information of the flaw asap. Who knows I might be able to disable something for a period of time until the flaw is fixed.
My System SpecsSystem Spec
11 Jun 2013   #3
Dwarf

Windows 8.1 Pro RTM x64
 
 

Could potentially backfire with disastrous consequences, especially if the vulnerability is a difficult one to patch. If these are made public as Google seems to want them to be if they are not fixed within a week, then malware writers who have previously not targeted the said vulnerability will surely jump on the bandwagon and create more of a problem than existed in the first place (in other words, they might target the flaw from a completely different direction resulting in the solution that the program vendor is working on for the existing malware targeting the flaw prior to it being published by Google not necessarily working for malware targeting it after publication).
My System SpecsSystem Spec
.


12 Jun 2013   #4
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Dwarf you have a very good point.
My System SpecsSystem Spec
12 Jun 2013   #5
essenbe
Microsoft MVP

Windows 7 Enterprise X64/Windows 10 X64
 
 

I did note that he named Microsoft Windows 7 Pro and Windows 8 have a security flaw that has never been exploited, but then says there is another software vendor who is being actively exploited. I wonder why they named Microsoft, who has not been exploited, but not the company that is being exploited.
My System SpecsSystem Spec
Reply

 Google: Security flaws not fixed in a week should be made public




Thread Tools





Similar help and support threads
Thread Forum
Security problems need to be made public: Linus Torvalds
Source A Guy
Security News
Arrests made after keyloggers found on public PCs at US hotels
Source A Guy
Security News
Made a mess of C:\users\public security
Files within c:\users\public folder have been reset to owner "Administrators" and all security is gone. Inhereted security from c:\users\public is still there on all files and folders. What security is the default on a normal windows 7 machine? Please send me outpu of follwing commands ...
System Security
Critical Flash flaw won't be fixed until next week
Read more: Critical Flash flaw won't be fixed until next week | The Digital Home - CNET News
Security News
Public likely getting IE8 RC1 next week
Microsoft handed out IE8 Beta 2 in August 2008 and is now finally getting ready to release another public build of IE7's successor sometime next week. This will be the official Release Candidate 1 (RC1) build, according to a post on the IEBlog, which describes why the latest public build does not...
News
Public betas of Windows 7 client and server could hit this week
It’s not much of a secret at this point, but CEO Steve Ballmer is expected to announce official availability of the closed Windows 7 Beta 1 release during his Consumer Electronics Show keynote address on January 7. The official (non-Torrented) Beta 1 bits should be available to pre-approved Windows...
News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 21:23.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App