Google and its “Don’t be Evil” Slogan

By | June 15, 2010


There appears to be a great story behind the latest IE 0-day exploit (worth a read).

Here’s how it goes:

Google has been the loudest proponent for responsible disclosure in the past. But if you look at the dates in his post, he says he reported it to Microsoft on the 5th of June (a Saturday), who responded the same day. He sent the advisory early in the morning today the 10th of June – meaning Google gave Microsoft less than 5 days to fix it. Even Mozilla backed down from 10 day turn around, and they’re only running a single software suite. How is that possibly reasonable to expect a company like MS to turn around a patch in 4-5 days and then get so upset that then you must go full disclosure? And it’s not like Tavis was acting on his own – he credits other security researchers inside of Google for their help. So apparently it’s okay for Google to go full disclosure, but not for other researchers. The hypocrisy is amazing.

It really is.

In his defense, however, I’d like to post the following line (taken from Tavis’s page): “Finally, a reminder that this document contains my own opinions, I do not speak for or represent anyone but myself.”



About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and the departed Westwood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (3)


  1. jarncrig says:

    No, the story you linked to (at ha.ckers.org) is not great at all.  The story’s author deliberately twisted the entire intent of Tavis Ormandy’s new exploit to say that Google was providing this 5-day turnaround time, but it is not.  The exploit Tavis found was done as personal work and submitted as personal work to Microsoft.  It was not done on behalf of Google, and Google is not taking credit for finding the exploit nor is Google demanding Microsoft to fix it in 5 days.  That demand is from Tavis personally.
    The good story that you should actually have linked to is Tavis’s own article instead:
    http://seclists.org/fulldisclosure/2010/Jun/205

  2. nvm says:

    So an employer is responsible for what all employees do on their own time?