Google Proposes "Know, Prevent, Fix" Framework For Dealing With Security Vulnerabilities


  • Google Proposes "Know, Prevent, Fix" Framework For Dealing With Security Vulnerabilities

    Phoronix: Google Proposes "Know, Prevent, Fix" Framework For Dealing With Security Vulnerabilities

    Google engineers are proposing a new framework called "Know, Prevent, Fix" in dealing with open-source security vulnerabilities...


  • #2
    I Know the way to Prevent security issues and Fix privacy violations is to focus on services that exist for the purpose of servicing people rather than servicing googul to people's information.

    Why are googul services free? Because they have estimated they'd make more money this way, rather than to charge what it costs to develop and provide the service plus some profit margin.



    • #3
      In the libre-software and open-source worlds there is sometimes only one developer, or a handful of people, and it is not their job. Probably, many will not have the experience and skills to understand alternative ways of exploiting the vulnerability beyond the example they have been given. Even for large companies, this assumes that they have people with enough knowledge of the dark arts, and understanding how things such as JavaScript, etc. fit into the overall picture, who can be spared to do this thoroughly and in the time before a vulnerability is made public.

      Yes, in an ideal world fixes would be perfect.



      • #4
        Google is a security vulnerability, where do I report them?



        • #5
          Originally posted by peppercats
          Google is a security vulnerability, where do I report them?
          You can start by reporting it to your friends.



          • #6
            They seem to be putting a high priority on identifying and targeting the individual.

            This reminds me of the rumored system deployed at MITRE, identifying internal system threats, before their project manager was found in a New Jersey landfill.



            • #7
              Originally posted by ddriver
              Why are googul services free?
              Because you're not the customer, you're the product being sold. Duh.



              • #8
                reviews ensure that at least one person other than the author is looking at every change. Code reviews are a standard practice for all changes within Google.
                Having enough technically competent people that are also willing to do code reviews (without ego) seems to be an issue.

                Do the "learn to code" movement and coding camps help this situation? I think in many cases it seems to accelerate the amount of code produced by people who have very limited and targeted skill sets. It seems like having fewer developers that are both open and have advanced degrees / deeper knowledge would help.



                • #9
                  So much hate towards Google that people rally against it even when they're actually doing something good.



                  • #10
                    "Know, Prevent, Fix"

                    Yeah right. Everybody knows there is a security vulnerability that points right at --------> Google. Google = data thief.

                    Google will never prevent it.

                    Google will never fix it.

                    I really ought to create a bug report just so they can mark it as WONTFIX.
