GOOGLE'S VIGILANTE BUG SQUAD has gone public on a third Microsoft vulnerability in a month.
Project Zero, the crack squad of ethical hackers set up in the wake of the Heartbleed debacle, has excelled itself this time, though, including proof-of-concept code to show the Internets how to capitalise on it.
The official Project Zero policy is that, once they find a bug and report it to the perpetrator, they allow 90 days for it to be fixed before going public.
It seems very likely that Microsoft had planned to fix this latest flaw in the next Patch Tuesday, although we can't be sure as the firm has stopped sending us security patch Advance Notifications (don't start us on that again).
So the rigidity with which Google is dispensing its brand of frontier law raises a lot of questions.
Chief among them, many are asking, is who do you think you are and what gives you the right to act as judge and jury for the internet?
There is no question that Project Zero is a valid initiative, but Microsoft has already complained that it would be more efficient and ethical for Google to work with Microsoft rather than be the creators of their own zero-days, which comes across as, let's face it, a bit maniacal.
As for releasing proof-of-concept code into the wild, surely this defeats the object of Project Zero's aims?
You could even argue that this makes it part of the problem instead of part of the solution, as the company is, in essence, giving the hackers a toolkit to work from. µ
Linux hits the DeX
The Net' is closing in
Firm was quick to CClean up after the attack
Sorry (not Siri)