santacluster | 11 years ago

The "second-tuesday-of-the-month" policy is a completely arbitrary MS-only policy.

If Google (or any other group that discovers security issues) has to take into account every policy of every software producer it becomes utterly impossible to have any disclosure policy.

If MS wants to handicap themselves, that's their problem. The rest of the world doesn't have to bend to their will, those days are over.

Yes, this is about being an ass. And it's Microsoft that's being an ass by claiming the rest of the world should take into account their peculiar policy.

Beltiras|11 years ago

The patch-day policy is not for Microsoft, it's for sysadmins who maintain the installations.

eropple|11 years ago

Have you ever managed a nontrivial installation of user-facing desktop systems? 'Cause if not, declaring the policy of a predictable, telegraphed-well-in-advance day on which security patches will drop "peculiar" kind of just reveals where your head's at.

jenscow|11 years ago

The rate at which security vulnerabilities are reported/abused isn't predictable.

Please don't sit on a fix until the time is more "convenient", give it to me now and let me be the judge on how important this security patch is to me.

itg|11 years ago

The "90 days" policy is a completely arbitrary Google-only policy. There is no reason they couldn't wait a bit longer before disclosing.