Google Discloses Details of an Unpatched Microsoft Vulnerability
Google’s Project Zero is serious about releasing the details of security vulnerabilities 90 days after they alert the vendors, even if they’re unpatched. It just exposed a nasty vulnerability in Microsoft’s browsers.
This is the second unpatched Microsoft vulnerability it exposed last week.
I’m a big fan of responsible disclosure. The threat to publish vulnerabilities is what puts pressure on vendors to patch their systems. But I wonder what competitive pressure is on the Google team to find embarrassing vulnerabilities in competitors’ products.