In the software world, there has been a longstanding gentleman's agreement between developers and security professionals. The agreement has always been that if a security flaw is found in a major piece of software, the flaw will be revealed only to the development team of the product. The flaw will not be revealed to the public until the developers have had ample time to research the problem and decide how to handle it, plus time to release a patch.
Unfortunately, in recent years, the software industry has changed; it is no longer populated by professionals, but instead by children who have no frame of reference for how actions affect others. Google has been the poster child for unprofessional behavior dressed up as cute, with no regard for the impact of their actions. A great example of this corporate culture issue is Google Project Zero.
The concept of the program is sound: a security research firm within a software company ensuring consumer safety. That is not how they treat the program, however. There would be plenty to research in their own software, or the software that affects their platforms (tablets, Chrome, Android), but that isn't their main goal. Instead, they spend their time researching the competitors: Microsoft and Apple.
Even that concept is not bad - an external source of security information can be essential. The problem with Project Zero is the way Google handles data: incredibly unprofessionally. They start the way a sane, rational adult would handle it: they release the information to the development firm. That is where the rational behavior ends, though. The information has a set 90-day shelf life, which Google does not feel it is important to amend, no matter the severity of the issue in question. That means, if there is a flaw in Windows that could take 4 months to fix and patch, Google will release how to exploit the issue to the public at least a month before a patch can be issued.
If your goal is to be a professional member of the community, that is unacceptable behavior. Google, however, has never had any interest in being a professional, valuable member of the software community, or the global community as a whole. Instead, their goal is to be the "popular kids." If you remember the "popular kids" from school, they were the ones that no one actually liked - they just had the ability to convince people they were popular by being mean to everyone that isn't them.
Based on their recent behavior, I can only assume that this is the mentality they are going for, either consciously or subconsciously. Luckily, their mean girls routine hasn't caused any real damage yet, but it will. At some point they will uncover something major and release it to the public, causing massive consumer damage. Hopefully, with information in the public, Google will feel pressure to stop acting out and treat the industry with respect. If not, the only solution will be for consumers to make their voice heard and tell Google their behavior is not acceptable.