Google Inc (NASDAQ:GOOG) and Microsoft Corporation (NASDAQ:MSFT) are competitors in the tech world, but they are not arch-rivals nor are they known to have a less-than-cordial relationship. They generally seem to get along as people and organizations – maybe it’s the “an enemy of my enemy is my friend” kind of relationship where Apple Inc. (NASDAQ:AAPL) is the enemy. Anyway, it seems that the two companies have generally gotten along and in some cases even try to help each other whenever possible. There has definitely seemed to be a culture of great respect between the companies.
However, when it comes to security, Google Inc (NASDAQ:GOOG) seems a bit frustrated with Microsoft Corporation (NASDAQ:MSFT) in how it handles security risks in Windows. There is an unwritten rule, a handshake agreement, if you will, among the major tech companies that basically says if a vulnerability is found by one company in another company’s platform, then it is to be reported and the offending company should be given up to 60 days to resolve the issue before the vulnerability is reported.
However, for Google Inc (NASDAQ:GOOG) security engineer Tavis Ormandy, Microsoft Corporation (NASDAQ:MSFT) takes too long to fix its vulnerabilities, so he is taking a new tack – he is breaking the “code” and is only giving a few days before publishing and reporting his exploit. And the latest example of a vulnerability is pretty dangerous of Microsoft and Windows, but Ormandy has decided to come out with it now in the hopes of getting Microsoft engineers to work a little faster at correcting problems.
Ormandy discovered a vulnerability recently that can allow hackers to either crash or take control of Windows. He told Microsoft Corporation (NASDAQ:MSFT) a few days ago, but now he has not only published the vulnerability, but he also published the exploit – to serve as a kick in the pants to the security people in Redmond. This is not the first time that Ormandy has pulled this. He sorta got on the bad side of the security world about three years ago when he published a vulnerability only five days after he told Microsoft about it.
So what is the big deal, really, if Ormandy has done this kind of thing before?
Well the big deal is that this seems to be a major vulnerability for Microsoft Corporation (NASDAQ:MSFT) and its Windows OS, and it could be that Ormandy might have been jumping the gun in only giving Microsoft a few days before publishing the exploit. (The vulnerability is one thing, but publishing how to exploit the vulnerability is a different matter). And the other little wrinkle in this story is that though Ormandy has broken the “code” about publishing vulnerabilities, Google Inc (NASDAQ:GOOG) is siding with Ormandy; it has a policy in place that says it one of its engineers find a flaw in another’s code, Google is only requiring seven days from the date of reporting the flaw before publishing it.
Google is a big believer in speed not only in its computers and technology in general, but also in its security and fixing problems. It obviously wants to hold other tech companies to a similar standard. What do you think? Is Google Inc (NASDAQ:GOOG) crossing the line with this, or is this an effective way to address security issues across the tech world? Leave us your thoughts in the comments section below.
DISCLOSURE: None