[aspantel]

When we asked to use another security company for the assessment Google responded: "We understand your concern but you will have to request a security assessment from one of the following independent third-party assessors: Leviathan Security, Bishop Fox".

[aspantel]

Here is the problem explained https://www.theregister.co.uk/2019/02/11/google_gmail_develo...

[IncludeSecurity]

Interesting! I have some ideas for options here if you'd like to chat offline to see if I can help you here hit us up. https://includesecurity.com/#contact

Context: I work in this space and actively work on programs such as these.

[aspantel]

The problem is that Google wants to see reviews from one of those companies. We're communicating with them regarding this more ... Because this is just a major shake down which will put small dev. shops out of business.

[IncludeSecurity]

Yes I understand the problem, we've seen it before. I still have ideas that could help you if you'd like to communicate off HN, I'm happy to share.

[aspantel]

Google completely ignores our complaints about forcing app developers to use just those two firms so any dev. shop using Gmail API (or IMAP over OAuth2) should be prepared to pay >$15k! That is going to drive many small businesses out of business.

[aspantel]

Got it. Let me see what Google responds to our last inquiry, then I'll contact.