The exposure of security breaches from Google to its major opponents on the market (Microsoft, Apple) leaves room for doubt, as to the true motive that has been driving Google so far.
Goggle seems to have taken its role of exposing security vulnerabilities truly seriously, as there are continuous threats to expose such breaches targeting its main rivals in the field of technology – and the threats are made real ahead of time, leaving its rivals unable to defend their products. Microsoft and Apple have experienced the strict nature of Google and its elite team of professionals who work towards detecting and exposing the vulnerabilities (called Google Project Zero – for more information, you can check their blog).
The typical procedure of exposure offers the company a period of 90 days, in which they have to patch the problem and dispose of any vulnerability that had been detected. If the company cooperates and succeeds in securing its product, nothing bad happens. If it does not, it seems like hell breaks loose and Google brings the details of the security breach to absolute light. Though such a mechanism motivates tech companies to become more committed to the sense of security for all their products and services, a question is still unanswered; what are the true motives, which is the driving force that has led Google to pursue such power over its major opponents in the market?
In the event of Apple disclosure, three vulnerabilities have been found and there have been no actual comments from the company on the matter. As they firmly state within their product security page: “For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. Apple usually distributes information about security issues in its products through this site and the mailing list below.” On the other hand, Microsoft has commented on the revelations via a blog post on January 11th.
In this blog post, the senior director of Microsoft’s Security Response Center Chris Betz has reported: “It is necessary to fully assess the potential vulnerability, design and evaluate against the broader threat landscape, and issue a “fix” before it is disclosed to the public, including those who would use the vulnerability to orchestrate an attack.” He then addressed Google and stated: “Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
The truth is that there are many people who support the idea that straightforward exposure of security vulnerabilities can result in negative consequences for the wider public. This means that hackers and other hostile intruders with malicious intent would be able to penetrate the security systems far more effectively and immediately, should they have information on the security breaches. This can act truly catastrophically and people have been wondering whether full cooperation without any other motive of gaining something out of the whole process would be the best tactic to follow.