Google's Vulnerability Reward Program: Making Friends with Hackers

One of the more common criticisms being levied at the cloud industry is the security risks inherent in the model. And the reason why it’s still fending off these criticisms up to this day is that it has some ground. In fact, even Google – which is one of the large companies and authorities that defend the cloud’s security – acknowledges that there will always be security risks as evidenced by their Vulnerability Reward Program, which was started last 2010 and continues to this day.

Google’s Vulnerability Program is basically a bug bounty program that encourages hackers to hunt down or search security vulnerabilities in their services, and pays them for any new vulnerabilities they find, which Google then fixes.

Some of the more serious problems that were caught by white hat hackers were the ability to get control of a Google server simply by playing with Google Calendar, or hacking into in order to gain admin access to all the hosted blogs. What’s more amazing is that the hackers who found the vulnerabilities did not use any sophisticated root kits or under-the-hood Unix scripts to find the vulnerabilities. All they needed to do was play around with the services.

The problems that were outlined above have since been fixed, but it is not unwarranted to think that there may be more vulnerabilities waiting to be discovered, especially since Google’s Vulnerability Reward Program is still going on.

The Silver Lining

One thing that users of cloud need to keep in mind is that the security issues with cloud services is basically the same security issues present in offline software, the only difference being that putting your files on the cloud puts the responsibility of ensuring security in the hands of the cloud service providers – they will have to handle encryption, backups, and patching of security holes instead of you. This means if you want to be secure in the cloud, you need to be wise in choosing which cloud company to sign up for, as you’re basically entrusting the security of your files, documents, and even business to them.

Google’s Vulnerability Reward Program proves that a company can be proactive with regard to security, and they have effectively earned the trust of users by showing that they can work with hackers – who would otherwise be their enemies – in ensuring that their services are secure and spot free.

One comment

  1. Thanks for the
    article. We all need to be more proactive about our personal account
    security. To me Google is showing that
    they are concerned about security and that is why I prefer their services. I
    use Two-Factor Authentication across a lot of my accounts. I feel a lot more
    secure when I can telesign into my account. If you want to compete this is a
    prerequisite to any system that wants to promote itself as being secure.

Leave a Reply

Your email address will not be published. Required fields are marked *