[Dshield] "Google flaw fixed before publication"

Josh Tolley eggyknap at gmail.com
Tue Oct 11 15:38:13 GMT 2005

I've seen a couple blog/news/etc. postings now about how Google
apparently fixed a security problem with their system before the
company that initially reported the problem to Google went public with
the details. I realize this is how vulnerability reporting is supposed
to work, i.e., Alice tells Bob about a flaw in his software and grants
him some period of time to fix it before she goes public with the
details, Bob fixes it, and encourages his users to patch/upgrade/etc.
Does it happen that way so rarely that this really is news, or is this
1) Google trying to win the hearts of security geeks, 2) some reporter
with nothing better to do, 3) something else entirely?

- Josh Tolley

