Technology success is built on R&D. It is built on trial and error. It is built on innovation. Hardware or software, consumer tech or B2B enterprise tech – it all evolves. Software especially is fluid, and patches, fixes, updates are constantly being addressed by every company that develops software – it goes hand in hand with any development cycle.
What is critical in software development though, is how companies address an issue if a certain vulnerability is found – either by the company or a user of the product. Ask yourself if the software company you work with takes this vulnerability seriously. Do they release a patch or fix within a very short period of time? Do they address a customer’s concerns? Do they provide a help desk and support team to walk customers though any issues?
On this, there has been some speculation by Google about a security vulnerability with Comodo’s “Chromodo” browser, a browser which competes with Google Chrome.
It should be made clear that the vulnerability was not with Comodo or the Chromodo browser itself, but rather with an add-on. The issue has now been fixed and addressed. Comodo released an update of Chromodo on Wednesday (Feb 3) without the add-on, removing any issues and the update went to all current Chromodo users as well. (version v22.214.171.1242)
At Comodo, we welcome any feedback on vulnerabilities, it’s how we ensure we protect customers. Unfortunately in this case, Google reported the vulnerability and then made it public in just 12 days – against its own 90 day policy (https://code.google.com/p/google-security-research/issues/detail?id=704). When Comodo was made aware of the possible vulnerability, it contacted the Google researcher and started working to address the vulnerability within the 90 day guidelines. We hope Google will follow the responsible disclosure practices in the future instead of potentially exposing users to greater threats.
It is the responsibility of a trusted security software company like Comodo to address customer concerns quickly, to issue a fix or patch in a timely manner, and provide support for its customer base – and this is what Comodo has done here.