So Epic release an installer for Fortnite outside of the play store, @TimSweeneyEpic bitches about the store the whole time, and when Google do Epic's job and find a security issue, wait for the patch to go out and then alert users to the issue, Tim whines even more about Google?
Is that practice sound though? With disclosure 7 days after patch issuance, it seems to me that vendors would have to run updates in the background and force-update all users to ensure that nobody is unpatched after 7 days. Maybe this is why Windows 10 updates are so pushy?
-
-
Wouldn’t it be safer to disclose the technical details of vulnerabilities based on adoption rate of updates rather than mere availability? Of course the PR about the existence of a vulnerability and importance of updating could go ahead without disclosing the technical details.
-
Case in point: This sort of policy would be disastrous if Google applied it to to security flaws they discovered in their own software, given the Google/IHV/carrier bottlenecks in pushing Android OS updates.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.