We believe in coordinated vulnerability disclosure, and todayâ€™s disclosure by Google puts customers at potential risk.
Does “coordinated vulnerability disclosure” mean everyone has to ask Microsoft’s permission to warn the public of security issues? “coordinated disclosure” of anything to me sounds an awful lot like an excuse for censorship.
As for Google, if they had made specific examples of the exploit being used, that would have been helpful. If example.com was using Flash Player to breach users’ security (I doubt they are), and Google had disclosed this information, people would then know to stay away from example.com. However, since Google has not told us who is using this exploit, it’s possible that Google straight-up lied about this, perhaps to avoid criticism regarding their 7-day policy.