Adam Gowdiak Discloses Unpatched Security Flaws in Google App Engine

Google’s Project Zero vulnerability research group has drawn some flak recently for its practice of publicly disclosing security flaws in software from other vendors after a 90-day notice period, regardless of whether patches are available or not.

Friday, the company may have gotten a small taste of its own medicine when Polish firm Security Explorations Friday released details on several unpatched vulnerabilities in Google’s cloud software after the Internet giant allegedly failed to respond in a timely manner to the issue.