What Does Google Have to do With Hacking at Microsoft?


Microsoft Corp. (NASDAQ:MSFT) has reported hacking through Windows related to a security hole found by a Google Inc. (NASDAQ:GOOG) researcher, who made the flaw public without going to Microsoft first.

The Google programmer in question, Tavis Ormandy, has criticized Microsoft for not being quick enough to discover and fix security flaws in its code. The world of security engineers has a code of ethics in which once an engineer discovers a security flaw and submits it to a company, that person is supposed to give the company between 30 and 60 days to fix the problem before making the hack public.

Ormandy first discovered the bug in Windows at the end of May and released the hack without first approaching Microsoft. Ormandy has a reputation for being aggressive with Microsoft: In 2010, he gave the company just five days to fix a bug before he made the code public. Google chose to side with Ormandy, saying in May that it would only give companies a week’s notice before publicizing flaws found by its researchers.

Microsoft didn’t give many details about the attacks reported Tuesday. The company said hackers had launched “targeted attacks” on its Windows operating system. Targeted attacks usually refer to cyber attacks on the government or corporations motivated by malicious intent. Microsoft declined to answer questions from Reuters when asked if the attacks were related to Ormandy’s bug.

Google also didn’t comment on the matter except to say that Ormandy’s discovery of the Windows bug was not related to his work for the company. Many have criticized Ormandy for his aggressive manner. “You have to ask yourself if the public disclosure of this vulnerability before Microsoft was ready to protect against it was really to the benefit of internet users,” said Graham Cluley, a security expert who’s been vocal about his disapproval of Ormandy’s methods in the past.

Follow Jacqueline on Twitter @Jacqui_WSCS

Don’t Miss: BlackBerry’s Latest Fire May Mean More Bad News.