1. Ulrich

    My favourite comment is:

    we underestimated the number of sites that had already patched

    It is nice to think that the sites were so quickly updated.


    • Otto

      The security team is working on establishing a line of communication there, so that we can hopefully more accurately target this sort of thing in the future. Google did this on their own this time; hopefully we’ll be able to provide better information and thus help more people in the long run.


2. GJP

    “Google was aware that notices would be sent to site owners who already updated but chose to send them anyway due to the seriousness of the vulnerability.”

    This actually has the opposite effect, in the long run, than what they intended. People who get false reports tend to ignore them in the future — when they count.

