Red Herring has an interesting article about Google becoming the next Microsoft as a target for bugfinders: “Google’s Microsoft Syndrome.” This is the problem with vulnerability discovery/disclosure: bugfinders can look wherever they want; the world of software is essentially unbounded. Some folks just look for the ‘top dog’ and want to bring them down. Others have a personal gripe. Others are looking for press. There are any number of motives.
Regarding the specific point: at least for now, I think Google will have a much easier time fixing problems when they are found, for two big reasons:
- They are a 21st century software company with no legacy stuff to contend with. This minimizes their need for testing; and
- Almost all of their software is free. Their obligations to customers are much lower than Microsoft’s and this also contributes to reduced testing needs.
It will be interesting to see how these factors change over time.