Incredible that this is still debated at all! If you have wide spread software and there is a critical security hole: You fix it! NAO!7 days is nice as a start. But actually bits and bytes know speed a little different than us puny humans. 7 days is enough to infect the whole world!
Better and faster security. Superb!
I approve of this maneuver. If the vendor doesn't respond after a week, they cannot be trusted to secure their customers.
This is a fantastic policy for companies that are cloud based such as good. However those companies that provide enterprise software a customer has to install and test. is NOT going to be able to fix, test, release to customer, customer pick up the fix, customer test, submit change requests and deploy in < 7 days. You guys are going to expose more customers to these sorts of issues. Why not work with the companies to release guidance if they can't fix the issue. Google has no idea about enterprise customers. No enterprise is going to pick up any software from you they have to deploy.
I like it. Way to keep us safe :-D
Will you also be holding the rest of Google to the same standard?
Compared to some researchers, this is charitable. A certain proportion of them think full disclosure should be the norm so that the affected parties can begin to mitigate the trouble.
Post a Comment