Microsoft invokes six-month deadline to replace vulnerable mobile apps

Share this article:

Microsoft on Tuesday introduced a new policy to bolster the security of the applications available in its various marketplaces. 

Effective immediately, app developers must push an updated app within 180 days of being shown proof of a "critical or important security issue" that is not being attacked in the wild, according to the new policy.

Missing that deadline could result in the app being booted from Microsoft's distribution platforms: Windows Store, Windows Phone Store, Office Store, and Azure Marketplace.

"This assumes the app is not currently being exploited in the wild," Dustin Childs, a spokesman for Microsoft Trustworthy Computing, wrote. "In those cases, we'll work with the developer to have an update available as soon as possible and may remove the app from the store earlier."

Childs admitted that, although unlikely, developers may be unable to issue a fix within the allotted time. In those cases, Microsoft will work with the app creator to deploy a replacement as quickly as possible.

"We expect that developers will address all vulnerabilities much faster than 180 days," the policy states. "To date, no apps have come close to exceeding this deadline."

Microsoft is the latest tech company to suggest a vulnerability fix deadline. Google announced in May that software makers should have seven days to patch "critical" issues under active exploitation

But Microsoft's new policy appears to be the first company that hosts mobile app stores to act in this way. Will Apple and Google (maker of Android) respond next?

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.