
Google Project Zero With Great Power Comes Great Responsibility.


Google Project Zero Is a Project…

…where Google discovers security bugs (not exclusive to their own software or technology) and, once they notify the owner of said software, the countdown clock begins.

Once the 90 days end, Google will, as threatened, reveal the bug publicly.


Screencapture: from the Google Project Zero homepage

The idea behind this is to encourage a safer internet for all but there are inherent questions when it comes to Google and Microsoft.

Vendetta

The long-running feud between Google and Microsoft has displayed a variety of outright hostile behaviors:

  • Microsoft’s Scroogled campaign.
  • Google’s repeated blocking of apps like Google Maps or YouTube from making it onto Windows Phone (after working in collaboration with Microsoft to develop the app).
  • Google’s attempts to shut down ActiveSync in favor of their own CalDAV and CardDAV.
  • Microsoft’s GMailman Ad.

These and many more reflect the harsh competition between the two companies in many areas:

Search, Location, Online Productivity Apps, Cloud Storage, Mobile, Mobile Apps, Operating Systems, Browsers and more.

Forget about “Hello I’m a Mac and I’m a PC”. This isn’t just negative marketing but has reached a point where users are being affected.

Get a Mac Ad courtesy of YouTuber LukePuuk

The Warptest POV

The main concern is that this situation seems to be only escalating, and the consumer may benefit long term but could be harmed in the short term… DO NO HARM… remember that?

The whole issue is exacerbated by the resounding absence of any Google security bugs in the same database. One would assume that the only thing better than outing your competitor's bugs is showing how well you fixed your own. Unless you subscribe to the ludicrous notion that somewhere software exists with zero bugs.

Testing is not about “outing” bugs as an act designed to extort fixes or embarrass your competition because, let’s face it, Google, you are giving the finger not to Microsoft but to Windows users when you publicize a bug for which the fix is not entirely ready.

Will this encourage speedier solutions or compromises in testing and deploying the bug fix? Won’t the compromises just lead to regression issues? The goal shifts from “fix the bugs” to “fix the bugs in time”, and not in a good way.

So come on Google, it’s time to remember that with great power comes great responsibility. Don’t be that guy.

It’s time to reexamine the paradigm for Project Zero and realize that every time Google publicizes one of these bugs they become part of the problem, not the solution.


Comic cover art and quote with thanks to the incredible Marvel Comics

As a tester and a consumer, I may not be pleased to learn that Microsoft hasn’t patched these issues yet but I’m seriously <redacted> at Google over this. There are lessons here for Google and Microsoft that clearly need learning.

Google should continue to test for security issues but if you are going to threaten others with a ticking clock shouldn’t the time frame match a real estimate of how long it would take to develop, test and deploy the fix? I doubt that all bug fixes at Google receive the same arbitrary timeframe.

How about you? Do you think Google needs to dial it back for the sake of the consumer?

 
Comments

This is standard practice in the security world. You find an exploit, notify the manufacturer and give them a reasonable timeframe to fix the issue. This is not Google trying to screw Microsoft. This is Microsoft not being agile enough to fix the issue and issue a fix within that reasonable timeframe. As to there not being Google bugs in the DB, that’s probably because the project is aimed outwards and not inwards. Google responds to reports from other security firms in a timely manner and so have never been faced with the embarrassment of another firm pointing out its exploitable bugs before a fix could be released. Had Microsoft done the work necessary to patch the holes they wouldn’t have egg on their face.

Sorry Dan but I’m going to have to disagree. Google have consistently behaved badly towards Windows and Windows Phone users and exposing exploits that put the consumer at risk is giving those consumers the finger. It’s thoughtless and beneath contempt. If the code needed more time to test before deploying who did it help by setting an arbitrary deadline? Perhaps if Google spent more time refining their own products like Glass or Google+ and less time taking cheap shots at the consumer for picking other vendors then their products might be more successful. Just saying.
