Google’s “Project Zero” popularly know as the Bug Hunter, garnered much of the headlines ever since it jolted Microsoft by repeatedly publishing Windows vulnerabilities at a global scale.
Last month, Google unhesitatingly published the vulnerability as well as the code that could be used to exploit the bug, under the shadow of its initiative Project Zero. This initiative led by Google tracks software flaws, conduct an in-depth research and eventually inform the software developer about the possible ways that the bug can be exploited. Google provides a time period of 90 days to fix the problems before Project Zero publishes the bug along with the code.
Google believed that 90 days should be enough for a tech giant as big as Microsoft to find out a relevant solution and fix the bug. However, the Redmond giant failed to seed an update to its Windows users on time.
As earlier mentioned by Google, the terms and policies of the Project Zero were subject to changes. The search giant now believes that there is a need to make an extension to the timeframe that it offers to developers to fix the bug. Google would offer a 14 days grace period to the developers, additional to the 90 days that were earlier offered. The extension period will be added only if requested and on being notified by the developer team about the current status of the fix.`
Well, this might have fuelled Microsoft’s anger a little more. Microsoft claimed to have notified Google about the current status of the bug fix and also the date on which they supposed to roll out the update, which was unfortunately just two days post Google knocked down Microsoft by publishing all those vulnerabilities. Anyhow, Google chose to ignore the request.
Microsoft was highly offended by Google’s actions and vented out all of its frustrations though a blog post. Ironically, this didn’t stop the search giant to disclose two of the other vulnerabilities that it founded later. Microsoft further criticized Google’s approach of making the bug known publicly and said that it could have found a better way to inform users so that they can make preparations against the threat.
Well, after trolling the Redmond giant for a couple of times, Google thinks it should now offer an extension period in case the developer team fails to roll out a fix pointed out by them.