Microsoft isn’t happy about Google’s disclosure of a zero-day vulnerability in Windows 8.1, and the company has publicly voiced its displeasure.
In a blog post entitled “A Call for Better Coordinated Vulnerability Disclosure,” senior director of Microsoft’s Security Response Center Chris Betz admonished Google for disclosing the vulnerability only two days before Microsoft was scheduled to fix it during its “Patch Tuesday,” of which Google was fully aware. Google disclosed the vulnerability as part of its Project Zero initiative, which gives companies 90 days’ advance warning to fix vulnerabilities before disclosure.
The disclosure, the second in a few weeks made by Google regarding Windows 8.1 vulnerabilities, followed the Project Zero timeline. According to Betz, Microsoft believed this worked against the spirit of coordinated disclosure and software security.
“We asked Google to work with us to protect customers by withholding details until Tuesday, Jan. 13, when we will be releasing a fix,” Betz wrote. “Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a ‘gotcha,’ with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
Microsoft adds Visual Studio to GitHub Student Developer pack, moves Roslyn to GitHub
Microsoft is systematically moving more and more of its eggs into the GitHub basket, adding a free version of Visual Studio to the GitHub Developer Student pack and announcing plans to migrate its Roslyn C# compiler codebase from CodePlex to GitHub.
Visual Studio Community 2013 is now available as part of the GitHub Student Developer pack, GitHub’s free collection of developer tools and resources for students. The release includes Visual Studio itself, Visual Studio Online, and the ability to host apps on Microsoft Azure. In addition to the student developer pack, Microsoft’s DreamSpark student developer tools provide access to SQL Server, training courses and Windows Store developer accounts.
More details are available in a blog post from S. Somasegar, corporate vice president of Microsoft’s Developer Division.
On top of the free student developer resources, Microsoft also announced plans to move the code of its open-source Roslyn C# compiler from CodePlex to GitHub this week, under the supervision of the .NET Foundation. The company will also modify its pull request system, which may cause a temporary backlog.
More information can be found in the C# team blog post.
Rust reaches 1.0 alpha
Rust, the Mozilla-backed programming language designed for memory safety, performance and concurrency, has reached alpha version 1.0.
Rust 1.0 alpha contains a finalized set of language features and core libraries. The team plans to release the first beta version in six weeks, which will include improvements to associated types, unboxed closures and generics, path reform, complete API documentation, and an overhaul of the I/O APIs.
More information about Rust is available here.
IBM broke U.S. patent record in 2014
IBM became the first company to exceed more than 7,000 patents in a year in 2014, announcing that it received 7,534 patents.
Averaging more than 20 patents per day, IBM research and development patents covered areas such as cloud computing, analytics, mobile, social and security inventions. Next on the list of top 2014 patent recipients was Samsung with 4,952.
More details can be found in the IBM press release.