Google: Security flaws not fixed in a week should be made public

Brink

Google is pushing for a new "aggressive" response timeline for security vulnerabilities, where vendors would be given seven days to patch the flaw, notify the public or disable affected products.

If researchers find a previously unseen critical flaw that is being used in real-world attacks, they will have Google's blessing to publish details about it seven days after alerting the affected vendor.

"Seven days is an aggressive timeline and may be too short for some vendors to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the vendor for more information," Google security engineers Chris Evans and Drew Hintz wrote.

Read more at source: Google: Security flaws not fixed in a week should be made public | ZDNet
 

I don't believe that many programs or operating systems can be patched that quickly, but I do believe the public could and should be notified of such security flaws that quickly.
I don't know how to write patches for programs or operating systems, but I would like to have the information about the flaw ASAP. Who knows, I might be able to disable something for a period of time until the flaw is fixed.
 

Could potentially backfire with disastrous consequences, especially if the vulnerability is a difficult one to patch. If these are made public as Google seems to want them to be if they are not fixed within a week, then malware writers who have previously not targeted the said vulnerability will surely jump on the bandwagon and create more of a problem than existed in the first place (in other words, they might target the flaw from a completely different direction resulting in the solution that the program vendor is working on for the existing malware targeting the flaw prior to it being published by Google not necessarily working for malware targeting it after publication).
 

Dwarf, you have a very good point.
 

I did note that he named Microsoft Windows 7 Pro and Windows 8 as having a security flaw that has never been exploited, but then says there is another software vendor who is being actively exploited. I wonder why they named Microsoft, who has not been exploited, but not the company that is being exploited.
 
