Google has once again publicly disclosed a security vulnerability in a Microsoft product. The two tech giants share quite a history when it comes to security vulnerability disclosure: they have been in continuous rivalry for the last 10 years, pointing out flaws in each other's software. This time, the search giant has publicly disclosed a flaw in Microsoft Edge before the patch is ready. However, Google gave the software maker 90 days to provide the fix, plus an additional 14-day grace period, before going public.
The flaw was first spotted by Google researchers back in November, and the company quickly contacted Microsoft. Following its security vulnerability disclosure policy, Google asked Microsoft to fix the issue and deliver the patch within 90 days. However, Microsoft was unable to complete the task because the bug was much more complex than it expected. Contrary to its usual behavior, Google gave the software maker another 14-day grace period, but there was still no patch from Microsoft. The Google researcher who spotted the bug has noted that, due to the complexity of the bug, there is no fixed date yet for the patch from Microsoft. This disclosure will surely heat up the existing competitive relationship between the two companies.
Security vulnerability disclosure is the practice of bringing flaws in available software to light. Vendors and developers prefer to wait until a patch is available before going public about a flaw. Conversely, third parties or researchers whose systems or data may be at risk prefer to disclose it publicly sooner. Back in 2016, Microsoft spotted a Chrome flaw and disclosed it to Google so that it could prepare the patch in the available time. Understanding Microsoft's struggle with the patch, Google gave it an extra 14 days as a rare exception to its 90-day policy. But the search giant finally went public after Microsoft failed to meet the target. Google also made this exception for the Meltdown and Spectre vulnerabilities: after the researchers found the flaw, the company waited six months before sharing it publicly.
Google and Microsoft take different approaches to security vulnerability disclosure. The search giant believes in a strict policy: provide a patch for the flaw within a limited time or face public disclosure. Microsoft, on the contrary, prefers to avoid public disclosure and wait until a mitigation or patch has been delivered.