Over the past month, Google’s Project Zero team has outed a handful of Windows bugs – some minor, some severe. This is a practice that has been debated a lot, with some believing that Google is putting us all at risk by publishing unpatched vulnerabilities, and others believing that it’s doing us all a favor by forcing software vendors to stop messing around when it comes to patching and fixing bugs.
As per Google’s Project Zero rules, once a bug is submitted, a 90-day timer is started. At the same time, the software maintainer is contacted and notified of the bug. From that point on, it’s up to the maintainer to patch the bug and issue a fix. Regardless of whether or not that happens within the 90-day window, Google publishes the details of the bug once the window closes, in effect letting the world in on a potentially severe vulnerability.
Regardless of whether the practice is right or wrong, it’s seemed lately like Google’s had a serious beef with Microsoft, as the most talked-about bugs have been Windows-related. Well, the big G has just answered that question: No beef; it’ll publish as per its rules, period.
With the fresh publishing of three brand-new OS X bugs, that’s proven. All three of the bugs seem niche or not especially severe, though one Bluetooth-related bug could result in memory corruption. We’re not quite sure when fixes will be issued, but Apple typically doesn’t rest on its laurels once a bug is outed.
Ultimately, this once again raises the question of whether or not Google is right in publicizing unfixed bugs. Regardless of opinions though, if this helps make sure that bugs get squashed sooner, that’s a benefit for all of us.