Microsoft and Google have been bitter rivals for at least a decade , and the pair have had several disagreements over security vulnerability disclosure Vulnerability-related.DiscoverVulnerability in recent years . Google is stoking those disagreements again this week by disclosing Vulnerability-related.DiscoverVulnerability a Microsoft Edge security flaw before a patch is available Vulnerability-related.PatchVulnerability . Neowin spotted that Google disclosed Vulnerability-related.DiscoverVulnerability the security flaw to Microsoft back in November , and the company provided 90 days for Microsoft to fix Vulnerability-related.PatchVulnerability it before going public Vulnerability-related.DiscoverVulnerability as it ’ s rated “ medium ” in terms of severity . Google also provided Microsoft with an additional 14-day grace period to have a fix available Vulnerability-related.PatchVulnerability for its monthly Patch Tuesday release in February , but Microsoft missed Vulnerability-related.PatchVulnerability this goal because “ the fix is more complex than initially anticipated. ” It ’ s not clear when Microsoft will have a fix available Vulnerability-related.PatchVulnerability , and the Google engineer responsible for reporting Vulnerability-related.DiscoverVulnerability the security flaw says because of the complexity of the fix Microsoft “ do not yet have a fixed date set as of yet. ” The public disclosure will likely anger Microsoft , once again . The software giant hit back at Google ’ s approach Vulnerability-related.PatchVulnerability to security patches last October , after discovering Vulnerability-related.DiscoverVulnerability a Chrome flaw and “responsibly” disclosed Vulnerability-related.DiscoverVulnerability it to Google so the company had enough time to patch Vulnerability-related.PatchVulnerability . At the heart of the issue is whether Google ’ s policy to disclose after 90 days without a patch is reasonable . Google makes exceptions to this hard rule , with grace periods , and can even disclose Vulnerability-related.DiscoverVulnerability much sooner if the vulnerability is being actively exploited Vulnerability-related.DiscoverVulnerability . Google disclosed Vulnerability-related.DiscoverVulnerability a major Windows bug back in 2016 just 10 days after reporting Vulnerability-related.DiscoverVulnerability it to Microsoft , and the company has revealed Vulnerability-related.DiscoverVulnerability zero-day bugs in Windows in the past before patches are available Vulnerability-related.PatchVulnerability . Two big and obvious exceptions to Google ’ s security disclosure rules were the recent Meltdown and Spectre bugs . Google engineers discovered Vulnerability-related.DiscoverVulnerability the CPU flaws and Intel , AMD , and others had around six months to fix Vulnerability-related.PatchVulnerability the problems before the flaws were publicly disclosed Vulnerability-related.DiscoverVulnerability earlier this year . Chrome OS and Android devices were also affected Vulnerability-related.DiscoverVulnerability by the processor flaws , along with Windows , Linux , macOS , and iOS . Google wants the industry to adopt its aggressive disclosure policies , but Microsoft has so far resisted rather publicly . This latest episode isn ’ t as critical as some of the past disclosures , but it will likely reignite the debate over whether Google , a company with competitive commercial interests , should be leading the way security flaws in rival operating systems are disclosed Vulnerability-related.DiscoverVulnerability in the public interest .