November 2nd, 2010, 20:47 PM
Google invites hackers to break in
On Monday, Google expanded its bug bounty program, which the company has used to secure its Google Chrome browser, giving permission to researchers to poke into applications hosted on Google.com, YouTube.com, Blogger.com, and Orkut.com. The invitation is an important acknowledgement that hackers and third-party security researchers are a valuable resource.
"We've seen a sustained increase in the number of high quality reports from researchers and their combined efforts are contributing to a more secure Chromium browser for millions of users," the company says in its blog post.
In the world of desktop systems, anyone can try to find vulnerabilities in a program. While software developers generally throw the obligatory "no reverse engineering" clause into their end-user licensing agreements, such clauses have not stopped the curious from finding bugs. The result is that companies have had to focus on their products' security. It's no stretch to say that the efforts of hackers are directly responsible for Microsoft's massive push to secure its products and have forced other companies -- such as Adobe, Oracle, and Apple -- to follow suit.
Yet the logic that applies to the world of programs running on users' hardware does not apply to Web services running on company-owned servers. When hackers and security researchers have poked into online applications, the results have usually been bad for the researcher.
Full story: InfoWorld