The odd computer bug or glitch might not seem like a big deal, but even the most innocuous-seeming security flaw can give hackers everything they need to takeover your phone, PC, or tablet. Once that happens, there’s little you can do to stop them making off with your details and data. One company that takes its security very seriously is US software giant Google, who, tired of what they perceive to be lax standards on Apple and Microsoft’s part, have issued their rivals with an ultimatum: patch your software vulnerabilities within three months or we will make them public.
While Google’s tactics could be seen as a win for security-conscious consumers, not everyone agrees with their hard-line tactic. Despite criticism from some corners of the web, Google insist they are simply looking out for the little guy, doing all they can to protect their users from ever-evolving cyber criminals. The US company, based in Palo-Alto, Texas, unearthed crippling security flaws in its own systems, as well as its competitor’s, as part of an initiative called Project Zero. This project was spearheaded by a coterie of the world’s most skilled hackers and programmers; it’s aim, according to the Financial Post, is to force software manufacturers to tackle their security issues under threat of exposure.
Some commentators, however, are claiming that Google has no right to make such demands, and that regulatory work of this nature should be handled by an independent, unbiased organisation. John Dickson, a senior member of San Antonio software security company Denim Group Ltd., is one such person, believing Google has no right to declare themselves “official referee of the marketplace for vulnerability notification.” He does, however, admit that putting pressure on companies to address security issues is a good idea, but called Google’s reasoning into question, suggesting that this is all part of a plan to blacken and discredit their competitors.
Meanwhile, opponents of Google’s Project Zero claim the initiative ultimately does more harm than good, as it effectively publicises these security flaws, bringing them to the attention of the larger hacking community. These hackers can then seize the opportunity to exploit the bugs while the software manufacturers scrabble to find a quick fix.
Only time will tell whether on not the project will be a success.