Lumbering like the old-school technology firms it sometimes derides, Google has finally issued a patch for a master key vulnerability in Android that Bluebox called to its attention back in February. “Is Google eating their own dog food?” asked Randy Abrams, a research director at NSS Labs. In May, Google security engineers stated that the company’s standing recommendation was to have critical vulnerabilities fixed within 60 days and those being actively exploited should be fixed within seven days, he noted. 
