Friday, November 19, 2010

Google's attempt to bolster security via crowdsourcing

Security remains one of the top concerns in cloud computing, and rightly so. But how can a cloud service provider ensure that it is doing everything possible to address security issues, to the extent that customers feel comfortable?


Google is adopting a radical approach to addressing these issues: crowdsourcing. Earlier this month, Google announced a cash reward for any interested individual (aka hacker) who reports vulnerabilities in its Web properties. The vulnerability reward program promises to pay anywhere between $500 and $3100, depending on the severity of the issue. The company is hoping that the reward program will attract enough enthusiasts (hackers, students, researchers and so on) that they will reveal issues that are worth paying for.

The program is now available for a subset of Google properties, such as:
  • *.google.com
  • *.youtube.com
  • *.blogger.com
  • *.orkut.com
Some of the types of issues that Google is most interested in finding out about include:
  • XSS
  • XSRF / CSRF
  • XSSI (cross-site script inclusion)
  • Bypassing authorization controls (e.g. User A can access User B's private data)
  • Server side code execution or command injection
More details are available here

By the way... one more thing. Google will double the reward if the person decides to donate the amount to charity!

Any takers out there???

1 comment:

  1. I remember they first started by putting up a buggy app, and are now opening up the challenge to production code. It will be interesting to hear what customers think/perceive of these, and whether such steps introduce anxiety towards adopting SaaS.
