Last week, Google announced that it has cut the ‘patch gap’ for Chrome in half, and its plans to cut it down further are also making headlines.
Security engineers at Google said that the ‘patch gap’ for Google Chrome, which was earlier 33 days, has now been reduced to only 15 days. Some of you might be wondering what exactly a ‘patch gap’ means: it refers to the time it takes from when a security bug gets fixed in an open-source library to when that fix reaches the software that uses that library.
These days, when most apps in the software ecosystem rely on open-source modules, the patch gap plays a major role because it creates a potential security risk.
How Does the Patch Gap Involve a Major Security Risk?
As soon as a security bug gets fixed in a particular open-source library, all the details related to that bug become publicly available, simply because of the open nature of open-source libraries and projects. Software that depends heavily on these easily accessible open-source components then becomes vulnerable to the attacks and exploits that hackers can craft from the details of the security flaw.
How Is the Patch Gap Useful to Attackers?
Considering the likelihood of the aforementioned possibility, if software developers release patches on a fixed schedule, with updates arriving every week or in a couple of months, the patch gap allows hackers to launch attacks that most software will have difficulty dealing with.
A member of the Chrome Security team, Andrew R. Whalley, said, “We now make regular refresh releases every two weeks, containing the latest severe security fixes.”
“This has brought down the median ‘patch gap’ from 33 days in Chrome 76 to 15 days in Chrome 78, and we continue to work on improving it,” he added.