by rrdharan 3678 days ago
Google most certainly does not fall into the former.

Google has had multiple security incidents during the lifetime of the company that resulted in an increasing investment in upping their security profile. Operation Aurora (https://en.wikipedia.org/wiki/Operation_Aurora) was one of them (which of course bit a number of companies and was quite a sophisticated attack), but they have had other screwups, like the SRE spying incident (http://gawker.com/5637234/gcreep-google-engineer-stalked-tee...) and others.

For Dropbox, the password incident did result in major and serious change; it was a turning point resulting in significant investment in product and infrastructure security. In my admittedly biased opinion, Dropbox now has one of the best security teams out there. For example, the product security team invests heavily in the XSS protections on Dropbox's website that are top of class, and stronger than those on many of Google's own first-party properties (I'll demur on details here at the risk of likely violating one or more NDAs, but I encourage you to read https://blogs.dropbox.com/tech/category/security/).

Source: I've worked as a software engineer at both Google and Dropbox and I'm reasonably familiar with engineering, infrastructure/operational and physical security practices at both organizations.

1 comments

Will you run the closed-source Dropbox kext on your machine?
I will. My system runs lots of closed source code already.
Surely you have higher standards for kernel space.
Nah. I trust Dropbox.