Announcement

**ddriver** · 03 February 2021, 02:03 PM

I Know the way to Prevent security issues and Fix privacy violations is to focus on services that exist for the purpose of servicing people rather than servicing googul to people's information.

Why are googul services free? Because they have estimated they'd make more money this way, rather than to charge what it costs to develop and provide the service plus some profit margin.

**zerothruster** · 03 February 2021, 02:53 PM

In the libre-software and open-source worlds there is sometimes only one developer, or a handful of people, and it is not their job. Probably, many will not have the experience and skills to understand alternative ways of exploiting the vulnerability beyond the example they have been given. Even for large companies, this assumes that they have people with enough knowledge of the dark arts, and understanding how things such as javascript, etc fit into the overall picture, who can be spared to do this thoroughly and in the time before a vulnerability is made public.

Yes, in an ideal world fixes would be perfect.

**peppercats** · 03 February 2021, 02:58 PM

Google is a security vulnerability, where do I report them?

**stikonas** · 03 February 2021, 04:22 PM

Originally posted by peppercats View Post

Google is a security vulnerability, where do I report them?

You can start by reporting it to your friends.

**ThoreauHD** · 03 February 2021, 05:29 PM

They seem to be putting a high priority on identifying and targeting the individual.

This reminds me of the rumored system deployed at MITRE, identifying internal system threats, before their project manager was found in a New Jersey landfill.

**jabl** · 03 February 2021, 05:53 PM

Originally posted by ddriver View Post

Why are googul services free?

Because you're not the customer, you're the product being sold. Duh.

**creoflux** · 03 February 2021, 09:26 PM

reviews ensure that at least one person other than the author is looking at every change. Code reviews are a standard practice for all changes within Google.

Having enough technically competent people that are also willing to do code reviews (without ego) seems to be an issue.

Do the "learn to code" movement and coding camps help this situation? I think in many cases it seems to accelerate the amount of code produced by people have very limited and targeted skill sets. It seems like having fewer developers that are both open and have advanced degrees / deeper knowledge would help.

**vladpetric** · 03 February 2021, 10:14 PM

So much hate towards Google that people rally against it even when they're actually doing something good.

**ezst036** · 03 February 2021, 11:26 PM

"Know, Prevent, Fix"

Yeah right. Everybody knows there is a security vulnerability that points right at --------> Google. Google = data thief.

Google will never prevent it.

Google will never fix it.

I really ought to create a bug report just so they can mark it as WONTFIX.

Announcement

Google Proposes "Know, Prevent, Fix" Framework For Dealing With Security Vulnerabilities

Google Proposes "Know, Prevent, Fix" Framework For Dealing With Security Vulnerabilities

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment