| Home : May 30 2013 Computer News : Software vendors should respond to actively attacked vulnerabilities within seven days, Google says |
|
Software vendors should respond to actively attacked vulnerabilities within seven days, Google says |
May 30, 2013
Google wants vendors to fix or offer mitigation advice for previously unknown and actively exploited software vulnerabilities within seven days of their discovery."After 7 days have elapsed without a patch or advisory, we will support researchers making details available so that users can take steps to protect themselves," Google security engineers Chris Evans and Drew Hintz said Wednesday in a blog post.In 2010, Google researchers proposed a public disclosure deadline of 60 days for critical vulnerabilities and said that vendors should release a patch or mitigation information for them within that time frame."Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation," the Google security engineers said. "The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised."To read this article in full or to leave a comment, please click here
Link: http://www.pcworld.com/article/2040326/software-vendors-should-respond-to-actively-attacked-vulnerabilities-within-seven-days-google-says.html#tk.rss_all
|
|
|
|
|
