Microsoft isn’t happy about Google’s disclosure of a zero-day vulnerability in Windows 8.1, and the company has publicly voiced its displeasure.
In a blog post entitled “A Call for Better Coordinated Vulnerability Disclosure,” senior director of Microsoft’s Security Response Center Chris Betz admonished Google for disclosing the vulnerability only two days before Microsoft was scheduled to fix it during its “Patch Tuesday,” of which Google was fully aware. Google disclosed the vulnerability as part of its Project Zero initiative, which gives companies 90 days’ advance warning to fix vulnerabilities before disclosure.
The disclosure, the second in a few weeks made by Google regarding Windows 8.1 vulnerabilities, followed the Project Zero timeline. According to Betz, Microsoft believed this worked against the spirit of coordinated disclosure and software security.
“We asked Google to work with us to protect customers by withholding details until Tuesday, Jan. 13, when we will be releasing a fix,” Betz wrote. “Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a ‘gotcha,’ with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
Microsoft adds Visual Studio to GitHub Student Developer pack, moves Roslyn to GitHub
Microsoft is systematically moving more and more of its eggs into the GitHub basket, adding a free version of Visual Studio to the GitHub Developer Student pack and announcing plans to migrate its Roslyn C# compiler codebase from CodePlex to GitHub.
Visual Studio Community 2013 is now available as part of the GitHub Student Developer pack, GitHub’s free collection of developer tools and resources for students. The release includes Visual Studio itself, Visual Studio Online, and the ability to host apps on Microsoft Azure. In addition to the student developer pack, Microsoft’s DreamSpark student developer tools provide access to SQL Server, training courses and Windows Store developer accounts.
More details are available in a blog post from S. Somasegar, corporate vice president of Microsoft’s Developer Division.