They're both in the wrong. Epic for screwing it up and rushing rather than investing in security, and Google for trying to score PR points at the expense of their users. Google is being anti-secure here by not allowing the update to filter through the ecosystem.
Someone1234|7 years ago
Except this is how Google has always handled these bugs. The article even links to other examples involving other companies.
> Google is being anti-secure here by not allowing the update to filter through the ecosystem.
Or pro-secure here by telling users to urgently update rather than doing nothing and hoping nobody spots the bug and starts exploiting it before users get lucky.
zaarn|7 years ago
You don't have to go yelling about the fact you're distributing a highly important security patch, that only draws the attention of the bad guys.
Wanting to distribute such patches as low profile is a valid choice and is not "doing nothing and waiting to people to exploit it".
unknown|7 years ago
[deleted]