Debunking Google's security vulnerability disclosure propaganda (CNet)
"Question: You're a multibillion dollar tech giant, and you've launched a new phone platform after much media fanfare. Then a security researcher finds a flaw in your product within days of its release. Worse, the vulnerability is due to the fact that you shipped old (and known to be flawed) software on the phones. What should you do? Issue an emergency update, warn users, or perhaps even issue a recall? If you're Google, the answer is simple. Attack the researcher."
Posted Oct 29, 2008 17:38 UTC (Wed)
by pheldens (guest, #19366)
Posted Oct 30, 2008 19:46 UTC (Thu)
by smurf (subscriber, #17840)
I'd call it stupid. Or irresponsible, depending on whether they actually care about whether their customers get hacked.
Either way, apparently this is not the first time they reacted this way. Thus, like Apple, they got no grounds to complain when the Responsible Disclosure path will not be taken in the future.
Debunking Google's security vulnerability disclosure propaganda (CNet)
Evil? No, but