Trend Micro CTO Raimund Genes shares some insight

Jun 17, 2013 19:01 GMT

Google recently announced plans to disclose the details of actively exploited vulnerabilities after 7 days if the impacted vendor has not come up with a fix for the issue. However, some experts argue that the decision might not have the expected effects.

According to Trend Micro CTO Raimund Genes, disclosing a vulnerability after 7 days is reasonable, but expecting a patch in such a short timeframe is not.

“On one hand of this difficult task, an actively exploited vulnerability is known in the underground and news spreads like wildfire, so more and more malware writers are exploiting the software vendor’s vulnerability,” the expert said.

“On the other hand, a quick patch could have negative side effects and could cripple a computer application or the complete system.”

Furthermore, Genes is not so sure that Google would be able to fix its own vulnerabilities in 7 days.

“Currently, there’s a Google Android Trojan spreading which is able to hide itself from the ‘Device Administrator’, which renders it invisible from security programs and clean up attempts. This was possible because of a security flaw in Android. Will Google be able to fix this within 7 days?” he noted.