Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

This is about processes: Google Chrome Vulnerable to Carpet Bombing


This is the kind of stuff I hate to see – definitely within Microsoft but to a similar extent within competitors. I think we have a joint mission: Make the Internet a safer (and more trustworthy) place.

There was quite some noise yesterday around Google Chrome. And a lot of noise about "safer browsing" and security. Now, I started to read articles that Google built its new browser on a Safari version which is outdated and not yet patched against the Carpet Bombing flaw.

This is about processes and quality assurance (and trust) and not about technology. This is about a Security Development Lifecycle with proper testing and QA. Google published a long comic on Chrome and talks extensively about testing – I think there is some real room for improvement here.

Do not get me wrong: We are far away from perfect. We will never achieve the "perfect" level. But we worked hard to implement strong processes and even share them with the industry (see SAFECode). So, why do companies like Google, Oracle, Sun, etc. not join such initiatives to jointly make sure we do not release products with vulnerabilities that have been known for a long time…

Roger

Comments
  • It's obvious why Google is doing this. It's just the start to their mobile OS initiative. Chrome will most likely be a catalyst to further erosion of the desktop into a complete cloud.

    The thing that concerns me is two things. First, Google's EULA is not going to fly in the Enterprise. It specifically states that pretty much ALL data can be used and mined by Google. Try to convince an ISO9000 company of that offer and you'll get laughed out of the room. That's absolutely something that most companies will not tolerate...and really, shouldn't tolerate. Not one bit.

    Second, IE8 looks great. Wow. Microsoft, you've really turned a corner and started listening to your customers a lot more. Features we've been asking for for years are finally making it into IE. Yes! That said, the resource requirement to run the browser is at least 250 MB on my system. That's an incredibly high resource objective to meet. Hopefully the resource requirements will go down significantly during the RC and RTM builds because that's going to be a bitter pill to swallow as most companies' computers...right now...cannot tolerate such high demands without slowing the user down from doing their job or spending $$$ to upgrade.

    Thank you for listening,

    John Stocker

    Newlight Consulting
