by kramerger 1060 days ago
Not insane at all. Just think for a second: why would someone withhold a 0day?

I understand a 14-year-old kid new to security doing this. But this guy is a pro, he knows the rules of responsible disclosure.

Why help Google? Because Google routinely reports 0days to apple, making their platform more secure for everyone.


Does anyone know why Google focuses so much effort in finding vulnerabilities in their competitors rather than focusing all energy in securing their own products and services?

Is it because they can then publicize their discoveries and make themselves look good (while possibly making their competitors look bad)?

It really saddens me to read this type of comment on HN of all places.

Google has many issues, this is not one of them.

So... what, are you trying to say they do what they do as a form of charity? Trying to improve the security landscape out of the goodness of their hearts, one bug at a time?

To be clear, I'm not complaining, obviously I'm grateful for their work. I'm just trying to understand their motivation.

As you can probably realize, it's highly unusual behavior for a company to employ an entire team to do what they're doing, without any obvious benefit to the company itself (except perhaps PR value?).

> So... what, are you trying to say they do what they do as a form of charity? Trying to improve the security landscape out of the goodness of their hearts, one bug at a time?

My take:

- Project Zero is a public demonstration of their commitment to security. CTOs may be slightly warmer to them as a result.

- It's advertising for IT professionals Google needs to recruit into their own infosec teams. "Come work on internal vuln scanners and PCI compliance and maybe someday you can join the all star analyst team."

- And for the stars, maybe "spend 90 percent of your day Fixing Internet Security, and we'll come to you for expert troubleshooting on our own stuff the other 10 percent of the time" is a compelling recruitment pitch. Notably, the blog post announcing Project Zero concludes with a "we're hiring" paragraph.

- Fixing bugs in Apple products makes their own services more secure in the sense that their most valuable customers come to them through Apple platforms.

- Fixing bugs in open source tech protects their supply chain of crawling the web, making the resulting index available to consumers for search, and pairing searches with real-time auctioned ads.

- Publicly committing to ethical disclosure and other practices pressures the other 99 percent to match behavior.

- Turning the screws on competitors whose ads touting privacy don't quite match engineering outcomes.

This is exactly the kind of insight I was looking for (considering the limitation that as non-insiders, all we can do is speculate).

Thank you!