Just yesterday Google posted a brief entry about their stand on security on their official blog that certainly got me thinking.
On its own, the announcement is a nice one. It talks about the fact that there is a Google Security Team and that they have posted their security philosophy as a company, which is always welcome in these security-conscious times. Given how many services are now tied in to an user's Google Account, I'd want to make sure there's a clear channel of communication with Google's security group in order to report issues or compromised accounts.
The official philosophy page also stresses the importance of responsible disclosure when it comes to reporting discovered vulnerabilities. It quickly calls to mind the recent issues experienced by Mozilla related to a recent false security vulnerability announced by a hacker duo. Thus, Google clearly presents where to direct security-related reports or inquiries for various Google services.
On the other hand, ensuring there is an organized security structure for Google makes you think they're formalizing a lot of their processes. This could mean anything ranging from simply another part of their efforts for continuous improvement or it could be related to making Google Accounts free in all markets and not just in limited countries. By fulling opening the Google experience to the world, you can expect a larger amount of efforts directed at locating breaches in their applications.
Just a thought, really.
No comments:
Post a Comment