Microsoft reacted angrily when Google posted details of the bug online before a patch to fix the issue was released.
The disclosure was part of Google’s Project Zero initiative that seeks to pressure firms into dealing with security problems more quickly.
Several security researchers disagreed with Google’s actions.
“I feel sorry for the users, who could be impacted by Google’s schoolyard antics,” tweeted expert Graham Cluley, who noted the company had been criticised for similar behaviour in the past.
A brief Discussion on Google’s bug reporting site was divided on the matter;
“Google was wrong with what they did,” wrote one developer.
“They don’t have all of the OS code so they have no idea how much other code would have to be rewritten to correct the problem.
Google has defended its 90-day disclosure policy
“That extra coding takes time to ensure that something else doesn’t get broken in the process.”
But another said: “Google is not evil. Microsoft just slept and did not fix the vulnerability in time. Good job Google.”
Google has not yet responded to the BBC’s request for comment.
Anger
Google’s Project Zero seeks to find bugs in popular software and then give the manufacturers responsible 90 days to fix the problem.
This bug, which affects Windows 8.1, was revealed by Google to Microsoft on 13 October 2014.
On 11 January, Google publicised the flaw. Microsoft said it had requested that Google wait until it released a patch on 13 January.
“We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix,” Microsoft’s senior director of research Chris Betz according to our correspondence;
“Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a ‘gotcha’, with customers the ones who may suffer as a result.
“What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
