The tiniest flaws in software can enable cyber criminals to hack your bank account or take control of your phone or computer.

Now Google has issued an ultimatum to its rivals - including Microsoft and Apple - telling them to patch their software vulnerabilities, or it will make them public within 90 days.

The search giant’s move has ruffled feathers, but Google claims it is designed to protect consumers from fast-moving cyber criminals, and President Obama is calling for a collaborative response.

The Palo Alto-based company assembled a crack team of hackers and programmers called Project Zero in July to trawl its own – and its competitors’ – software for security flaws and give companies a deadline to fix them, Financial Post reported.

But some critics claim that’s a job for a neutral body. For example, John Dickson, a principal with software security company Denim Group Ltd. in San Antonio, said: ‘I’m not sure who made Google the official referee of the marketplace for vulnerability notification.’

He added that pressuring companies to fix flaws is a good idea, but ‘what noble motives they [Google] had in mind could be called into question given the fact that they essentially outed vulnerabilities for two of their biggest rivals.’

Tomorrow, President Obama will visit Google to call on companies to work together and share information to thwart cyber crooks.

Google's Project Zero team's intention is to protect consumers from fast-moving cyber criminals by pressuring software providers to fix flaws quickly.

GOOGLE’S PROJECT ZERO AND INTERNET FLAWS

Google’s crack team of hackers and researchers was assembled in July after the Heartbleed bug hit the headlines.

A blog post announcing the team says: ‘You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications.

‘Our objective is to significantly reduce the number of people harmed by targeted attacks.’

Analysis suggests that the project so far has identified 39 vulnerabilities in Apple software and 20 in Microsoft software as well as 37 in Adobe products.

Last year, it took firms an average of 205 days to learn hackers had infiltrated their networks, cybersecurity firm FireEye said.

Craig Young, a senior security researcher with Tripwire, said that it may be hard for large companies to create a fix within 90 days, but sometimes a flaw is neglected for years. He said that so far, flaws published by Project Zero have not been serious.

But many experts are wondering how an industry-wide programme could work, given that the major players are struggling to work together.

MailOnline has approached Microsoft and Apple for comment, with Microsoft pointing towards a blog post written in January for its response.

Opponents of Google’s Project Zero say it could damage online security by pointing out flaws before they are fixed, effectively drawing cyber criminals' attention to code to exploit.

An anonymous source told Financial Post that Apple begged Google not to publicise three flaws in the Mac OS X operating system in January.

The search giant reportedly went ahead, despite knowing a fix was on its way from Apple.

Similarly, Microsoft revealed it asked for two extra days to fix a Windows flaw, but Google publicised the bug.

Chris Betz, senior director of Microsoft’s Security Response Centre, wrote in a blog post in January: ‘The decision feels less like principles and more like a “gotcha,” with customers the ones who may suffer as a result.’

‘What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.’

Microsoft argues that it’s best for researchers to privately tell software providers about software flaws so a fix can be developed before the problem is widely known about.

Mr Betz wrote: ‘Those in favour of full, public disclosure believe that this method pushes software vendors to fix vulnerabilities more quickly and makes customers develop and take actions to protect themselves. We disagree.

‘Releasing information absent context or a stated path to further protections, unduly pressures an already complicated technical environment.

‘It is necessary to fully assess the potential vulnerability, design and evaluate against the broader threat landscape, and issue a “fix” before it is disclosed to the public, including those who would use the vulnerability to orchestrate an attack. We are in this latter camp.’

Mr Betz said that Microsoft believes in coordinated vulnerability disclosure (CVD).

‘This is a time for security researchers and software companies to come together and not stand divided over important protection strategies, such as the disclosure of vulnerabilities and the remediation of them,’ he said.

‘Policies and approaches that limit or ignore that partnership do not benefit the researchers, the software vendors, or our customers. It is a zero sum game where all parties end up injured.’

Google’s supporters say its approach could lead to fixes being developed more quickly, and Tom Gorup, a manager with Rook Security in Indianapolis, says it’s good for the industry.