Google: Security flaws not fixed in a week should be made public
Posted: 30 May 2013
Google is pushing for a new "aggressive" response timeline for security vulnerabilities, where vendors would be given seven days to patch the flaw, notify the public or disable affected products.
If researchers find a previously unseen critical flaw that is being used in real-world attacks, they will have Google's blessing to publish details about it seven days after alerting the affected vendor.
"Seven days is an aggressive timeline and may be too short for some vendors to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the vendor for more information," Google security engineers Chris Evans and Drew Hintz wrote.
I don't believe that many programs or operating systems can be patched that quickly but I do believe the public could and should be notified of such security flaws that quickly.
I don't know how to write patches for programs or operating systems, but I would like to have the information about the flaw ASAP. Who knows, I might be able to disable something for a period of time until the flaw is fixed.
Could potentially backfire with disastrous consequences, especially if the vulnerability is a difficult one to patch. If these are made public as Google seems to want them to be if they are not fixed within a week, then malware writers who have previously not targeted the said vulnerability will surely jump on the bandwagon and create more of a problem than existed in the first place (in other words, they might target the flaw from a completely different direction resulting in the solution that the program vendor is working on for the existing malware targeting the flaw prior to it being published by Google not necessarily working for malware targeting it after publication).
I did note that he named Microsoft Windows 7 Pro and Windows 8 as having a security flaw that has never been exploited, but then says there is another software vendor who is being actively exploited. I wonder why they named Microsoft, who has not been exploited, but not the company that is being exploited.
Files within c:\users\public folder have been reset to owner "Administrators" and all security is gone. Inherited security from c:\users\public is still there on all files and folders. What security is the default on a normal Windows 7 machine?
Please send me the output of the following commands
...